QuickTime Flaws Torment Apple for Seventh Time This Year
Nov 6, 2007 2:44 PM PT
Apple released another version of its QuickTime digital media player Monday. The latest edition of the application corrects seven potentially harmful security vulnerabilities discovered in previous versions of the software, QuickTime 7.2 and earlier.
Users of Windows XP and Windows Vista as well as users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later and Mac OS X v10.5 should download and install the QuickTime 7.3 update, according to Apple.
This is the seventh update Apple has released for QuickTime in 2007. Just one month ago, Apple released a fix for a critical flaw in the Windows version of the media player.
Pair of Sevens
The number of patches Apple has issued for QuickTime is unusually high for the Mac maker, Mike Haro, senior security consultant at Sophos, said. However, he cannot say whether the difficulties Apple is having with QuickTime are a consequence of its cross-platform use on both Macs and PCs.
"It is unclear to me as to why there are an unusual amount of patches for this vulnerability," he told MacNewsWorld. "It appears as if they are applying different patches to newly realized ways that this vulnerability can be exploited.
"But [cross-platform applications such as QuickTime and Safari] do represent enough of a target that hackers could see a reason to focus on infecting those users," Haro added.
Seventh Time's the Charm?
Six of the vulnerabilities could permit an attacker to install malware on a user's computer -- Mac or PC. Attackers exploit these flaws by enticing users to open a maliciously crafted movie or image file, according to Apple.
The seventh security bug deals with QuickTime for Java. These "multiple vulnerabilities" may allow "untrusted Java applets" to obtain elevated privileges. This could open the door for unauthorized access to sensitive personal information.
The vulnerabilities highlight the need for both Mac and PC owners to make sure that they have the latest patches.
"[Users need to] patch, patch, patch," Natalie Lambert, a Forrester Research analyst, told MacNewsWorld.
Repeated fixes aside, Haro said, Apple deserves a pat on the back for continuing to try to resolve this problem.
"Apple should be applauded for staying on top of the problem," he stated.