Apple patches 11 QuickTime bugs

Steven Parker   on 04 April 2008 - 08:02 · 22 comments & 11338 views

Apple Inc. patched QuickTime late Wednesday to fix 11 flaws in the Mac and Windows versions of the media player. All but two of the bugs could be used by hackers to hijack users' machines.

QuickTime 7.4.5 — the third security update Apple has released for the program so far in 2008 — plugs vulnerabilities in how the player handles Java and PICT image files, parses some data objects and uses Animation codec content, among others. Nine of the 11 bugs patched Wednesday were characterized by Apple as allowing "arbitrary code execution," a phrase the company uses to describe the most serious threats. Unlike vendors such as Microsoft Corp. and Oracle Corp., Apple doesn't rank the bugs it fixes with a scoring or labeling system.

Many of the vulnerabilities can be exploited if attackers are able to trick users into visiting malicious Web sites or opening rigged files. Of those in the second category, Apple warned that some of the bugs could be triggered by malicious movie or PICT files. Mac users can upgrade to QuickTime 7.4.5 using the operating system's built-in Software Update feature, while Windows users can either download the new edition from the Apple site or use the optional Windows update tool.

Download: Apple Quicktime v7.4.5 | ~22 MB for Windows (without iTunes)
News Source: Computer World

Comments · There are 22 additional comments
(1 reply) #1 +King Mustard on 04 Apr 2008 - 08:27
7.6.2 is out I believe.
#1.1 TRC on 04 Apr 2008 - 08:49
The Mac and Windows versions don't match up. For OS X you're right, the newest is 7.6.2 but this is the latest for Windows.
(1 reply) #2 +tunafish on 04 Apr 2008 - 10:17
Oh come on, QuickTime is like Microsoft's ActiveX, a major cause of security holes and issues.
#2.1 GP007 on 04 Apr 2008 - 12:34
Right, to some extent. Though MS has made changes to ActiveX and IE in general so you can lock it down and not have to worry.

I don't remember the last ActiveX related patch for IE7 though. I guess it's stopped being an issue for me with IE7 and its add-on manager.
(5 replies) #3 vacs on 04 Apr 2008 - 11:26
Apple really starts to bug me.

Not only did the Apple Software Updater "forget" that I told him to ignore the Safari update and never intend to install it (of course the option reappeared because Apple is trying to trick Windows users into installing their browser) but secondly the update shows again Apple's way of forcing users to adopt everything King Jobs decides which is best for their users, without letting them a choice.

After installing the iTunes update, even without ever having run iTunes on my PC, the Apple updater forced all my mp3, wav, aac music files to be played automatically with the damn iTunes by overwriting my previous file associations. I really hate when programs overwrite my settings without even asking my permission.

I guess Apple users are comfortable with that but I am not. As a windows user, I like to have control over my system, knowing where all my files are stored and be able to decide what's best for me by myself.

I really would like to see QuickTime and iTunes again separated because I will most probably never use iTunes.

Another thing I noticed is that the Apple Updater started itself automatically even without any Apple software running. What secret background service have they again installed to perform this? And why does the installer not ask me if I want to install the Apple Mobile device support or not because I don't want to install... ever
#3.1 Jugalator on 04 Apr 2008 - 12:55
(vacs said @ #3)
After installing the iTunes update, even without ever having run iTunes on my PC, the Apple updater forced all my mp3, wav, aac music files to be played automatically with the damn iTunes by overwriting my previous file associations. I really hate when programs overwrite my settings without even asking my permission.

Yes, Windows often gets complained about because it's so "nagging" and makes users take more decisions, when Apple "just works" with a minimum of user interaction. However, if not done right and the designers are *too* afraid of asking, it can lead to problems like these. There are extremes on both sides that are best avoided, IMHO.
#3.2 +Axon on 04 Apr 2008 - 16:09
I had the exact same problem in Windows XP with "Malicious Software Removal Tool". I can't get Auto-Update to leave me the FRICK alone!

Sidebar: Does anyone know how to get "Malicious Software Removal Tool" to stop being in the update queue? I always deselect it and tell it not to remind me again. But damnit, it's always there! Always!

Last edited by Axon on 04 Apr 2008 - 16:44
#3.3 thenewbf on 04 Apr 2008 - 20:25
(vacs said @ #3)
I really would like to see QuickTime and iTunes again separated because I will most probably never use iTunes.

iTunes depends on QuickTime, so you can't have iTunes without QT. However, you can have QT without iTunes. Just get the QT-only installer. When you go to QT's download page it gives you an option with iTunes and without iTunes.

Even if you did accidentally install iTunes, you can just uninstall it. Uninstalling iTunes doesn't uninstall QuickTime.
#3.4 rob.derosa on 04 Apr 2008 - 23:15
(Axon said @ #3.2)
I had the exact same problem in Windows XP with "Malicious Software Removal Tool". I can't get Auto-Update to leave me the FRICK alone!

Sidebar: Does anyone know how to get "Malicious Software Removal Tool" to stop being in the update queue? I always deselect it and tell it not to remind me again. But damnit, it's always there! Always!


It is because a new version is released every month..
#3.5 +Axon on 05 Apr 2008 - 06:14
(rob.derosa said @ #5)
It is because a new version is released every month..


It's the same software though. All they're doing is updating the definitions and giving it a new name. Sounds kind of like a point update to me.

Last edited by Axon on 06 Apr 2008 - 03:15
(1 reply) #4 skylinestar on 04 Apr 2008 - 12:21
It doesn't fix my lagging (followed by BSOD or crash) MOV playback on Vista (32bit) OS.
#4.1 GP007 on 04 Apr 2008 - 12:37
Installing apple software on Windows makes things go wrong, at least in my personal experience.

I installed QT once and got rid of it quick. If sites want to show their videos in .mov I'll just go find them somewhere else.
#5 Avi on 04 Apr 2008 - 13:19
I'll post the stuff I posted in the Mac Software Updates forum here (just in case it will help anyone):
Just tested it on a clean Vista x64+SP1 system. Embedded QuickTime videos play perfectly on the 32-bit IE7. HD clips also play well. File associations picking is fixed now. It finally seems to be fully compatible w/ the x64 Windows.

Also, people checked and it doesn't fix the "Quicktime has black controls in Firefox under Vista x64" bug (I couldn't comment on this one since I don't use Firefox).

Avi.
(1 reply) #6 sorlag on 04 Apr 2008 - 14:16
Apple should trash Quicktime and use another coded instead...
#6.1 RAID 0 on 04 Apr 2008 - 18:45
Quicktime has been around a LONG time, I doubt it's going anywhere anytime soon.
(1 reply) #7 rseiler on 04 Apr 2008 - 14:48
So I "upgraded" today to 7.4.5, from the previous point release, and I noticed that QT videos that I've watched since look somewhat pixelated. I've never seen this before with any other QT release. I don't see any setting within QT that changed or that can be improved.

Examples of files I download regularly:
http://http-trd-l3.cdn.turner.com/cnn/serv...t.04.03.cnn.m4v

http://a.media.abcnews.com/podcasts/WN/08/...wn_webcasta.mov
#7.1 Avi on 04 Apr 2008 - 16:14
Both examples you posted play just fine here... :/ They are low-def (low resolution)...
#8 .kvn on 04 Apr 2008 - 17:36
No bugs, no lags, no glitches, no pixels out of place.
#9 +Jedimark on 04 Apr 2008 - 17:57
Finally this seems to have fixed my problems with iTunes not rendering correctly.
#10 Chrono951 on 04 Apr 2008 - 18:19
Quicktime seems to be the IE6 of OS X in terms of security holes.
#11 Cristanu on 04 Apr 2008 - 18:21
Does it fix the File Type Association take over on Windows XP? After installing the previous version of QT, I was not able to use other programs with certain file types, especially mp3's. QT acted like a virus, not even registry tricks worked.
#12 QuarterSwede on 05 Apr 2008 - 01:02
Apple warned that some of the bugs could be triggered by malicious movie or PICT files

Glad to see they've plugged some holes. Can't speak to it sucking in Windows though as I use OS X. Although, back when I used XP it was definitely slow.
