Headline Feeds
To the delight of some PC lovers irritated by years of taunting from Mac enthusiasts about Windows security flaws, Apple (Nasdaq: AAPL) this week issued security patches for its free QuickTime media player.
The patches, part of QuickTime 7.1.5, address eight "vulnerabilities" in the program and are for both Mac OS X and Windows versions. All of the security holes patched by the updated QuickTime product could have allowed "maliciously crafted" files to "lead to an application crash or arbitrary code execution," Apple said on its Web site.
Apple also released an update to iTunes called "iTunes 7.1." All eight of the patches affect QuickTime versions for Windows Vista, XP and 2000 while seven affect OS X from version 10.3.9 and on.
Apple last released a patch for QuickTime in January. That release fixed the so-called zero-day flaw discovered through the "Month of Apple Bugs" initiative in which experts revealed a month's worth of security issues for Apple software.
No Evidence
While some Windows advocates jumped on Apple's QuickTime patch release as an opportunity to criticize Apple, Kirk McElhearn, the author of several books about the MAC OS and other Apple products, told MacNewsWorld that Apple continues to outshine Microsoft (Nasdaq: MSFT) when it comes to security.
"Windows users can gloat all they want," he stated. "One of my activities is working for a Mac security company, so I'm pretty much in tune with what goes on in the security area for Macs. It's very fair to say what Apple says in its commercials: There are no viruses for Macs. It's not that there are no malware or exploits ... but, quite honestly, I haven't seen or heard of a real virus."
The seriousness of the vulnerabilities fixed by the new QuickTime patches is debatable. Upon reading the details provided by Apple, McElhearn said most appear to be rare "one in a billion things" not commonly cropping up on QuickTime use.
Not Too Serious
"The first possibility is something crashes," McElhearn explained. "Arbitrary code execution means someone can stick a payload into a QuickTime movie or an image file and it can activate but, given the way Macs work ... if something is going to touch parts of system, you are going to get an authentication dialog. It's not going to happen without people knowing, no matter what."
Apple's decision to bundle eight patches in one security release "makes sense," according to McElhearn, and is similar to the way the company usually reacts to security issues.
"Apple regularly issues security updates, but what's interesting here is there are eight fixes altogether," he pointed out. "They generally wait until they've got a few, unless it's something extremely critical. This one they did at the same time they released the new version of iTunes, which makes sense. It looks to me [that] they got this out just to go along with the iTunes update. ... Apple's never been the kind of company to react very quickly [to security issues] because they never really had to."
McElhearn noted he has a colleague who, using Parallels, is running Windows on an Intel-based Mac. Within a month of installing Windows on the computer, Windows came under attack by some malware.
