QuickTime Security Update for Windows
Apple has pushed out a security update for its QuickTime media player for Windows users. It might be a good idea not to let too much grass grow beneath your feet before installing this update: The vulnerability appears to be one that was detailed publicly online more than a year ago, and it looks like instructions showing would-be bad guys how to use the flaw to break into PCs have been available online for more than a month now.
According to the software vulnerability database maintained by The MITRE Corp., the just-patched flaw -- which can be exploited through malicious Web links -- may be the same one detailed by researcher Petko Petkov in Sept. 2006. Petkov released proof-of-concept exploit code for a similar flaw last month, after complaining that Apple had ignored his messages. That release prompted Mozilla to issue a stopgap fix for Firefox users.
Apple has not responded to my messages either, but as far as its own advisory is concerned, the flaw it fixed today is different from the one Petkov discovered.
In any event, Windows users can download the update via the Apple Software Updates program bundled with QuickTime. The current, patched version is QuickTime 18.104.22.168. Apple says this vulnerability is not present in Mac versions of QuickTime.
Posted by: Rich Gibbs | October 5, 2007 4:18 PM | Report abuse
Posted by: Ken L | October 5, 2007 4:24 PM | Report abuse
Posted by: Mark Odell | October 6, 2007 3:50 PM | Report abuse
Posted by: steve Ballmer | October 8, 2007 2:42 AM | Report abuse
Posted by: Solo Owl | October 15, 2007 10:13 PM | Report abuse
The comments to this entry are closed.