By Fred J. Aun MacNewsWorld Part of the ECT News Network
03/06/07 11:41 AM PT
Apple this week issued eight security patches for its free QuickTime media player. The patches address vulnerabilities in the program and are for both Mac OS X and Windows versions. Apple last released a patch for QuickTime in January. It also released an update to iTunes -- iTunes 7.1.
To the delight of some PC lovers irritated by years of taunting from Mac enthusiasts about Windows security flaws, Apple (Nasdaq: AAPL) this week issued security patches for its free QuickTime media player.
The patches, part of QuickTime 7.1.5, address eight "vulnerabilities" in the program and are for both Mac OS X and Windows versions. All of the security holes patched by the updated QuickTime product could have allowed "maliciously crafted" files to "lead to an application crash or arbitrary code execution," Apple said on its Web site.
Apple also released an update to iTunes called "iTunes 7.1." All eight of the patches affect QuickTime versions for Windows Vista, XP and 2000, while seven affect OS X version 10.3.9 and later.
Apple last released a patch for QuickTime in January. That release fixed the so-called zero-day flaw discovered through the "Month of Apple Bugs" initiative in which experts revealed a month's worth of security issues for Apple software.
No Evidence
While some Windows advocates jumped on Apple's QuickTime patch release as an opportunity to criticize Apple, Kirk McElhearn, the author of several books about the Mac OS and other Apple products, told MacNewsWorld that Apple continues to outshine Microsoft (Nasdaq: MSFT) when it comes to security.
"Windows users can gloat all they want," he stated. "One of my activities is working for a Mac security company, so I'm pretty much in tune with what goes on in the security area for Macs. It's very fair to say what Apple says in its commercials: There are no viruses for Macs. It's not that there are no malware or exploits ... but, quite honestly, I haven't seen or heard of a real virus."
The seriousness of the vulnerabilities fixed by the new QuickTime patches is debatable. Upon reading the details provided by Apple, McElhearn said most appear to be rare "one in a billion things" that do not commonly crop up in QuickTime use.
Not Too Serious
"The first possibility is something crashes," McElhearn explained. "Arbitrary code execution means someone can stick a payload into a QuickTime movie or an image file and it can activate but, given the way Macs work ... if something is going to touch parts of system, you are going to get an authentication dialog. It's not going to happen without people knowing, no matter what."
Apple's decision to bundle eight patches in one security release "makes sense," according to McElhearn, and is similar to the way the company usually reacts to security issues.
"Apple regularly issues security updates, but what's interesting here is there are eight fixes altogether," he pointed out. "They generally wait until they've got a few, unless it's something extremely critical. This one they did at the same time they released the new version of iTunes, which makes sense. It looks to me [that] they got this out just to go along with the iTunes update. ... Apple's never been the kind of company to react very quickly [to security issues] because they never really had to."
McElhearn noted he has a colleague who, using Parallels, is running Windows on an Intel-based Mac. Within a month of installing Windows on the computer, Windows came under attack by some malware.