QuickTime Flaws Torment Apple for Seventh Time This Year

By Walaika Haskins MacNewsWorld ECT News Network
Nov 6, 2007 2:44 PM PT

Apple released another version of its QuickTime digital media player Monday. The latest edition of the application corrects seven potentially harmful security vulnerabilities discovered in previous versions of the software, QuickTime 7.2 and earlier.

Users of Windows XP and Windows Vista as well as users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later and Mac OS X v10.5 should download and install the QuickTime 7.3 update, according to Apple.

This is the seventh update Apple has released for QuickTime in 2007. Just one month ago, Apple released a fix for a critical flaw in the Windows version of the media player.

Pair of Sevens

The number of patches Apple has issued for QuickTime is unusually high for the Mac maker, Mike Haro, senior security consultant at Sophos, said. However, he cannot say whether the difficulties Apple is having with QuickTime are a consequence of its cross-platform use on both Macs and PCs.

"It is unclear to me as to why there are an unusual amount of patches for this vulnerability," he told MacNewsWorld. "It appears as if they are applying different patches to newly realized ways that this vulnerability can be exploited.

"But [cross-platform applications such as QuickTime and Safari] do represent enough of a target that hackers could see a reason to focus on infecting those users," Haro added.

Seventh Time's the Charm?

Six of the vulnerabilities could permit an attacker to install malware on a user's computer -- Mac or PC. Attackers exploit the flaws by enticing users to open a maliciously crafted movie or image file, according to Apple.

The seventh security bug deals with QuickTime for Java. These "multiple vulnerabilities" may allow "untrusted Java applets" to obtain elevated privileges. This could open the door for unauthorized access to sensitive personal information.

The vulnerabilities highlight the need for both Mac and PC owners to make sure that they have the latest patches.

"[Users need to] patch, patch, patch," Natalie Lambert, a Forrester Research analyst, told MacNewsWorld.

Repeated fixes aside, Haro said, Apple deserves a pat on the back for continuing to try and resolve this problem.

"Apple should be applauded for staying on top of the problem," he stated.
