Network News

X My Profile
View More Activity

Apple Issues QuickTime Update for Mac, Windows

Apple on Wednesday pushed out an update to its QuickTime media player software, fixing at least 11 security vulnerabilities in the software for both Mac and Windows systems.

Mac users can get the latest version through Software Update. Windows QuickTime users will need to use the bundled Apple Software Update application. Apple likes to bundle QuickTime with iTunes, but plenty of Windows users want to keep their QuickTime installs up-to-date without installing iTunes. I used to know of a fairly reliable link from which people could download a QuickTime-only standalone installer, but that link seems to have disappeared. If anyone can locate the official link for the standalone installer, I will update this post with that information.

QuickTime vulnerabilities are dangerous because exploiting them can be as simple for an attacker as tricking someone into clicking on a malicious video link. As I noted in my roundup of Apple patches from 2007, QuickTime vulnerabilities have presented far more of a threat for Windows users than they have for the users of the operating system for which this program was originally designed. In this update, we can see that while Windows is affected by all 11 of the flaws fixed in this patch release, the OS X version of QuickTime is only plagued by eight of the vulnerabilities.

Update, April 3, 9:36 a.m.: Apple is currently listing the vulnerabilities fixed in this QuickTime update under a link that takes readers to a page about information on a digital camera compatibility update. As of this writing, the link for the camera update contains the details about this QuickTime patch.

By Brian Krebs  |  April 3, 2008; 6:45 AM ET
Categories:  Latest Warnings , New Patches , Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: 8.3 Million Records Spilled in Data Breaches This Year
Next: Secret Service Agent To Lead DHS Cyber Division


What's with the link in the story? It doesn't describe the Quicktime update, but "Digital Camera RAW Compatibility Update 2.0". The Apple Security Updates page has the same error.

Posted by: Larry Seltzer | April 3, 2008 7:21 AM | Report abuse

IF you have an Apple computer, the updates appear separately and you can unclick the iTunes one and just download the Quicktime update.

Posted by: nmaif | April 3, 2008 7:40 AM | Report abuse

the usual link works for me.

Posted by: rdm | April 3, 2008 8:10 AM | Report abuse

Apple crossed up the links - seems correct.

And just to make sure to upset the maximum number of people, the Apple Updater tries to suggest installing Safari AND iTunes on a system which has only QuickTime installed.

Posted by: Moike | April 3, 2008 8:20 AM | Report abuse

QuickTime without iTunes can be found at the Secunia web page describing the vulnerabilities:

There are separate links for Windows, and various versions of the Mac OS.

Posted by: Beamer | April 3, 2008 8:47 AM | Report abuse

On Windows XP if you run the Apple Software Update manually is gives you the choice of software:
quicktime + itunes

just uncheck the itunes and safari options

Posted by: Fairfax1 | April 3, 2008 10:19 AM | Report abuse

Since Apple is by definition perfect, those patches couldn't possibly have been for "vulnerabilities" or any other kind of "problem." No, no, they must have been, um, undocumented add-ons? Yeah, that's the ticket.

Posted by: Jane | April 3, 2008 10:31 AM | Report abuse

You can get the installer without iTunes here:

Posted by: Bob | April 3, 2008 11:21 AM | Report abuse

@Jane - I don't think that most of us who prefer Apple over MS feel that by definition Apple is perfect. It is just that there are far fewer security vulnerablilites with Apple in today's computing environment. Here at work there is an IT department that gets to deal with all of those issues in our MS evironment. At home, I don't want to spend my time battling viruses, malware, rootkits, keyloggers, etc and the many variants of software to protect against them, so I use Apple.

Posted by: BP | April 3, 2008 12:04 PM | Report abuse

My advice to all would be to implement a similar policy used on most corporate networks, one that dictates foregoing QuickTime unless an absolute need can be justified for its use. The software is just too bloated and bug ridden. Same can be said for RealPlayer which currently has an unpatched bug being exploited (see link below)

The "bundling" issue Apple is so fond of with many of their products rubs me the wrong way. As is mentioned here, how many start out with just QuickTime and through the updater defaults end up (to their surprise) getting iTunes or even Safari also? Apple would be wiser to choose the opposite policy to "opt in". Going a step further, the requirement of the proprietary iTunes software (which includes QuickTime) to use an iPod or to activate an iPhone. Or that OS X includes Java software built into the operating system. That's too closed an ecosystem for my taste. I'll pass on the Apple flavored koolaid, thank you.

Posted by: TJ | April 3, 2008 4:08 PM | Report abuse


Although I believe Jane was being sarcastic, her comment holds some truth in regards to the elitist attitude taken by many Apple fan boys. ;P

BTW, I've been using Windows systems for ten plus years (at work and home) and don't spend time battling anything because the systems are properly secured using defense in depth strategies. So switching platforms alone will only provide a false sense of security.

Posted by: TJ | April 3, 2008 5:26 PM | Report abuse

I wish Apple would fix out Mac Book Pros! The wireless has major issues that we have been struggling with ever since the release of OS X 10.5.2. The apple message boards are filling with users who can't get their wireless to work and it's getting worse.


Posted by: Ed Hetzel | April 3, 2008 7:47 PM | Report abuse

>>I used to know of a fairly reliable link from which people could download a QuickTime-only standalone installer, but that link seems to have disappeared.

Once again, for those of us for whom the official links simply don't work:

Posted by: Mark Odell | April 3, 2008 8:31 PM | Report abuse

As of today, April 11, Apple has posted 8 Software Update programs, from iLife Support to Security Update 2008-002.

As a very long time Apple user, I would recommend NOT to install ANY of them. After the fiasco of 10.5 (even 10.0 wasn't that bad)and countless blunders in firmware and app updates by Apple, it has became obvious that whoever runs SW at Apple should be tarred and feathered and put on a rail out of town and whoever tests it should go back to a simpler job, such as shoveling the proverbial against the tide.

The loss in quality and reliability since the advent of Leopard is a sure sign of incompetence. Has John Scully been hired again?


Posted by: Robert Rindberg | April 11, 2008 12:50 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company