A US-based security researcher has published a single piece of code that can remotely compromise both PCs and Macs as long as they are running Apple's QuickTime media player. The exploit is at least the fourth to target a newly discovered security flaw in the way QuickTime interacts with servers that stream audio and video. Up …
Ahh, the warm, cozy feeling!
After discovering that installing quicktime, even if you deselect the "bundle with iTunes", means getting iTunes the first chance the AppleUpdate has, I've learned to live without quicktime, and I don't miss it one bit.
Remind me again why the iFanbois always seem to think that "Apple-labelled" equals "secure"?
Quicktime? Who uses Quicktime?
There's Quicktime Alternative for playing all those quicktime format files.
No idea if this is vulnerable to the same exploit but I doubt it.
Would never let Itunez or QT anywhere near my PC but comes preinstalled with MacOS.
Another huge patch then to download soon methinks.
"unleashes a payload" ... hmmm.
Standardized LART Form
Standardized LART Form for poor computer security articles. Released under the GPL v2 for everyone to use. Please modify as needed. See http://www.gnu.org/
Check all that apply to this article. You may have to delete unchecked items to fit in the space allotted by the author's comment form.
For a copy of this form, visit:
Troll-O-Meter: (6 out of 10) [X] 6. False prophet
Flame Meter / Threat Level: (1 out of 10) [X] 1. Firecracker
BS Meter: (4 out of 10) [X] 4. "We are not in the business of scaring people"
======= Conditions of exploitation
Your article assumes the victim:
[X] Uses Microsoft Windows
[X] ...with Administrator access
[X] ...and turns off User Account Control (Vista)
[X] Uses MacOS X
[X] ...and gladly provides his admin password to everything that asks for it
The problem described was addressed:
[X] More than a month ago by a simple workaround
[X] ...more than five years ago
[X] By turning off whatever useless feature has this problem
Reproducing and/or exploiting the problem requires:
[X] Clicking a malicious web link
[X] ...while logged on as an Administrator
======= Umbrella salesmen predicting bad weather
Your article cites:
[X] A computer security firm
[X] ...more than one firm
The quoted person / firm / organization:
[X] Claims they had known about and/or had fixed the problem
[X] ...more than a month ago
Your article cites:
[X] An executive representing the exploited product
The celebrity is relevant to this article because:
[X] He or she attracts attention to the problem
For crafting this article, you deserve:
[X] To be interviewed by...
[X] ...John Leyden
[X] ...Steve Gibson
Before writing another security article, you must:
[X] Ask one or more real security experts first
[X] ...that don't work for computer security firms (Yes, they do exist.)
[X] Ask a critic of whoever you're going to quote
[X] Try reproducing the problem yourself
[X] ...while logged on with a Limited (XP) or Standard (Vista) account
[X] ...while leaving User Account Control (Vista) turned ON
To me it seems Apple has the ability to make more computers vulnerable than just Microsoft by itself. So, think about that for a minute. After all isn't it Apple that codes Quicktime/iTunes and codes Mac OS X? Do you think they say to themselves let us be more diligent and competent with Mac OS X? They are beginning to be a regular bug factory.
Agree with who uses Quicktime?
I have to pay extra to watch something in fullscreen and it doesn't support all the codecs? Steve Jobs, you are a tosspot but a rich one.
Thank fuck for OpenVLC which works wonderfully and looks great on Mac OS X - remote control included.