The Register® — Biting the hand that feeds IT

* Latest QuickTime Exploit targets both Macs and PCs

Svein Skogen

Ahh, the warm, cozy feeling! 

Happy

After discovering that installing QuickTime, even if you deselect the "bundle with iTunes", means getting iTunes the first chance the AppleUpdate has, I've learned to live without QuickTime, and I don't miss it one bit.

Remind me again why the iFanbois always seem to think that "Apple-labelled" equals "secure"?

//Svein

Daniel du Preez

Quicktime? Who uses Quicktime? 

There's Quicktime Alternative for playing all those QuickTime format files.

http://www.free-codecs.com/download/QuickTime_Alternative.htm

No idea if this is vulnerable to the same exploit but I doubt it.

Mike Roantree

Damn MacOS 

Would never let Itunez or QT anywhere near my PC but comes preinstalled with MacOS.

Another huge patch then to download soon methinks.

Anonymous Coward

payload 

Paris Hilton

"unleashes a payload" ... hmmm.

Gordon Fecyk

Standardized LART Form 

Pirate

Standardized LART Form for poor computer security articles. Released under the GPL v2 for everyone to use. Please modify as needed. See http://www.gnu.org/

Check all that apply to this article. You may have to delete unchecked items to fit in the space allotted by the author's comment form.

For a copy of this form, visit:

http://www.antiwindowscatalog.com/index.asp?mode=rant&id=50

======= Indices

Troll-O-Meter: (6 out of 10) [X] 6. False prophet

Flame Meter / Threat Level: (1 out of 10) [X] 1. Firecracker

BS Meter: (4 out of 10) [X] 4. "We are not in the business of scaring people"

======= Conditions of exploitation

Your article assumes the victim:

[X] Uses Microsoft Windows
    [X] ...with Administrator access
    [X] ...and turns off User Account Control (Vista)
[X] Uses MacOS X
    [X] ...and gladly provides his admin password to everything that asks for it

The problem described was addressed:

[X] More than a month ago by a simple workaround
    [X] ...more than five years ago
[X] By turning off whatever useless feature has this problem

Reproducing and/or exploiting the problem requires:

[X] Clicking a malicious web link
    [X] ...while logged on as an Administrator

======= Umbrella salesmen predicting bad weather

Your article cites:

[X] A computer security firm
    [X] ...more than one firm

The quoted person / firm / organization:

[X] Claims they had known about and/or had fixed the problem
    [X] ...more than a month ago

======= Celebrities

Your article cites:

[X] An executive representing the exploited product

The celebrity is relevant to this article because:

[X] He or she attracts attention to the problem

======= Punishments

For crafting this article, you deserve:

[X] To be interviewed by...
    [X] ...John Leyden
    [X] ...Steve Gibson

Before writing another security article, you must:

[X] Ask one or more real security experts first
    [X] ...that don't work for computer security firms (Yes, they do exist.)
[X] Ask a critic of whoever you're going to quote
[X] Try reproducing the problem yourself
    [X] ...while logged on with a Limited (XP) or Standard (Vista) account
    [X] ...while leaving User Account Control (Vista) turned ON

Anonymous Coward

Thanks Apple 

To me it seems Apple has the ability to make more computers vulnerable than just Microsoft by itself. So, think about that for a minute. After all isn't it Apple that codes Quicktime/iTunes and codes Mac OS X? Do you think they say to themselves let us be more diligent and competent with Mac OS X? They are beginning to be a regular bug factory.

Charlie Clark

Agree with who uses Quicktime? 

Jobs Horns

I have to pay extra to watch something in fullscreen and it doesn't support all the codecs? Steve Jobs, you are a tosspot but a rich one.

Thank fuck for OpenVLC which works wonderfully and looks great on Mac OS X - remote control included.
