QuickTime Security Update for Windows
Apple has pushed out a security update for its QuickTime media player for Windows users. It might be a good idea not to let too much grass grow beneath your feet before installing this update: The vulnerability appears to be one that was detailed publicly online more than a year ago, and it looks like instructions showing would-be bad guys how to use the flaw to break into PCs have been available online for more than a month now.
According to the software vulnerability database maintained by The MITRE Corp., the just-patched flaw -- which can be exploited through malicious Web links -- may be the same one detailed by researcher Petko Petkov in Sept. 2006. Petkov released proof-of-concept exploit code for a similar flaw last month, after complaining that Apple had ignored his messages. That release prompted Mozilla to issue a stopgap fix for Firefox users.
Apple has not responded to my messages either, but as far as its own advisory is concerned, the flaw it fixed today is different from the one Petkov discovered.
In any event, Windows users can download the update via the Apple Software Updates program bundled with QuickTime. The current, patched version is QuickTime 7.2.0.245. Apple says this vulnerability is not present in Mac versions of QuickTime.
By Brian Krebs | October 5, 2007; 3:23 PM ET
Categories: New Patches
Posted by: Rich Gibbs | October 5, 2007 4:18 PM
If you are running Windows 2000 or any older version of Windows, you should uninstall QuickTime. The latest patched version of QuickTime requires Windows XP SP2.
If you're running an older version of Windows, you'll have to go without QuickTime or accept having a big security hole in your system.
It's not such a big loss anyway. YouTube uses Flash. And generally, QuickTime files tend to be offered alongside Windows Media Player files.
Posted by: Ken L | October 5, 2007 4:24 PM
>>If you're running an older version of Windows, you'll have to go without QuickTime or accept having a big security hole in your system.
>>
>>It's not such a big loss anyway. YouTube uses Flash. And generally, QuickTime files tend to be offered alongside Windows Media Player files.
...speaking of "accept having a big security hole in your system".
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9037718
Posted by: Mark Odell | October 6, 2007 3:50 PM
QT is more like a virus on Vista than anything else, that's why it runs so badly!
Posted by: steve Ballmer | October 8, 2007 2:42 AM
...Or, you could try 3rd party free-of-charge open software, such as QT Alternative, from
http://www.free-codecs.com/download/QuickTime_Alternative.htm
Posted by: Solo Owl | October 15, 2007 10:13 PM
The comments to this entry are closed.

If for some reason you need to download the update directly (that is, not using Apple Software Update), you can get it from this page:
http://www.apple.com/support/downloads/securityupdateforquicktime72forwindows.html
It's a Windows software install (.msi) file. It doesn't give any message saying that it worked (either on XP or Vista), although it apparently did work, based on the version number and other checks in the Apple bulletin.