Network News

X My Profile
View More Activity

QuickTime Security Update for Windows

Apple has pushed out a security update for its QuickTime media player for Windows users. It might be a good idea not to let too much grass grow beneath your feet before installing this update: The vulnerability appears to be one that was detailed publicly online more than a year ago, and it looks like instructions showing would-be bad guys how to use the flaw to break into PCs have been available online for more than a month now.

According to the software vulnerability database maintained by The MITRE Corp., the just-patched flaw -- which can be exploited through malicious Web links -- may be the same one detailed by researcher Petko Petkov in Sept. 2006. Petkov released proof-of-concept exploit code for a similar flaw last month, after complaining that Apple had ignored his messages. That release prompted Mozilla to issue a stopgap fix for Firefox users.

Apple has not responded to my messages either, but as far as its own advisory is concerned, the flaw it fixed today is different from the one Petkov discovered.

In any event, Windows users can download the update via the Apple Software Updates program bundled with QuickTime. The current, patched version is QuickTime 7.2.0.245. Apple says this vulnerability is not present in Mac versions of QuickTime.

By Brian Krebs  |  October 5, 2007; 3:23 PM ET
Categories:  New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: A Notable Step in the Fight Against Phishing
Next: First the Campaign Ads, Then the Phishing...

Comments

If for some reason you need to download the update directly (that is, not using Apple Software Update), you can get it from this page:

http://www.apple.com/support/downloads/securityupdateforquicktime72forwindows.html

It's a Windows software install (.msi) file. It doesn't give any message saying that it worked (either on XP or Vista), although it apparently did work, based on the version number and other checks in the Apple bulletin.

Posted by: Rich Gibbs | October 5, 2007 4:18 PM | Report abuse

If you are running Windows 2000 or any older version of Windows, you should uninstall Quicktime. The latest patched version of Quicktime requires Windows XP SP2.

If you're running an older version of Windows, you'll have to go without Quicktime or accept having a big security hole in your system.

It's not such a big loss anyway. YouTube use Flash. And generally, Quicktime files tend to be offered alongside Windows Media Player files.

Posted by: Ken L | October 5, 2007 4:24 PM | Report abuse

>>If you're running an older version of Windows, you'll have to go without Quicktime or accept having a big security hole in your system.
>>
>>It's not such a big loss anyway. YouTube use Flash. And generally, Quicktime files tend to be offered alongside Windows Media Player files.

...speaking of "accept having a big security hole in your system".
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9037718

Posted by: Mark Odell | October 6, 2007 3:50 PM | Report abuse

QT is more like a virus on Vista than anything else, that's why it runs so badly!

Posted by: steve Ballmer | October 8, 2007 2:42 AM | Report abuse

...Or, you could try 3rd party free-of-charge open software, such as QT Alternative, from
http://www.free-codecs.com/download/QuickTime_Alternative.htm

Posted by: Solo Owl | October 15, 2007 10:13 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company