Apple QuickTime update blocks media player bugs

Apple pushed out an update for QuickTime on Wednesday that fixes 16 vulnerabilities, many critical. Users of both Windows and Apple systems are advised to upgrade to guard against flaws that mean playing malformed media files using older versions of QuickTime can drop malware onto vulnerable systems. Malicious image files …

COMMENTS

This topic is closed for new posts.
  1. Imaginfinity

    Bad Timing - Or just lack of research?

    Three seconds with a well-known search engine reveal that QuickTime 7 is legacy software only run on Mac OS X 10.5.x and Windows - the current version of QuickTime (X) was updated during the general OS update (10.6.3) earlier this week. Maybe you should get someone to write about Macs who uses one.

    1. nicolas

      not exactly

      You can install QuickTime 7 over Snow Leopard, in order to use the advanced editing functions that are still lacking in QuickTime X.

      (toasted !)

      1. Imaginfinity

        not exactly is not exactly correct either

        You can install QuickTime 7 over Snow Leopard, in order to use the advanced editing functions that are still lacking in QuickTime X.

        (toasted !)

        Well, if you check out the updater, you will find that it is specifically for Leopard (Mac OS X 10.5) only. You have to get up a lot earlier before you can claim to toast anybody.

        1. nicolas

          nope

          you said:

          "Three seconds with a well-known search engine reveal that QuickTime 7 is legacy software only run on Mac OS X 10.5.x and Windows"

          Which is not the case. I have it installed on Snow Leopard, and it lives next to QuickTime X.

          Now, this *update* is for Leopard, which is right, I was only pointing out that QT7 could indeed be installed.

  2. nicolas

    precisions

    Maybe you could give us a little more detail about who needs this patch.

    From what I understood, it's only for OS versions < Snow Leopard, even for people who installed QuickTime 7 over 10.6.

    But now you make me doubt, could you please update your article to reflect this?

    thanks

  3. chr0m4t1c

    Why is a fixed cycle better?

    Many other OS/software vendors release patches when they are ready rather than waiting for a specific cycle.

    Granted, enterprise OS/software vendors often also release patch bundles (service packs, whatever) on a regular basis, but that's to allow the corporate customers to plan their own release cycles and they usually release patches in between on a more ad-hoc basis - particularly security patches. All of the vendors in the article have released security patches outside of the normal regular release cycle.

    So while this does look like a dropped ball in that they probably should have released all of the patches on the same day, as Apple are operating largely in the consumer space I can't see why it's such a big deal, particularly if users' machines only check for patches once a week (IIRC that's the Apple default). Most users will just pick up all of the patches in one hit whenever their machine next checks.

  4. Anonymous Coward

    Regular patch cycles?

    Uh, if you want a weekly patch cycle, set it to check once a week.

    If you want monthly patch cycles, set it to check once a month.

    Why all the howling about irregular patch cycles? Just tell me when it's broke so I can fix it.

    I know Microsoft have a regular cycle, but it doesn't mean everyone else has to!

    1. Test Man

      Exactly

      It's funny that The Reg are criticising (in a snide way) irregular patch cycles, because they don't fail to criticise Microsoft for adopting a regular patch cycle. So which is it? And in fact, does it REALLY matter?

      Personally I'd prefer an irregular patch cycle, in other words, once the developer has a patch ready, they should release it, end of. People in systems administration are more than capable of devising their own regular patch cycle so they shouldn't force others to adopt the same (referring to the whining years ago that eventually got Microsoft to change to a regular patch cycle).

  5. Kevin Johnston

    Regular patches

    Surely setting a regular patch cycle infers you know your products are regularly broken?

    Too simple?

  6. Anonymous Coward

    Questions? SLIA

    = See Link In Article. The update is for 10.5.8 and Windows, not 10.6, not 10.4. If you are running 10.6 some issues are fixed in 10.6.2, others in 10.6.3 and if you are still on 10.4, as I am, you're SOL. That is all.

  7. Rolf Howarth

    @Imaginfinity

    QuickTime 7 and QuickTime X do different things, so you can't say QuickTime 7 is a legacy API. QuickTime X is an optimised engine for playback of media on Snow Leopard (as well as iPhones and iPads). QuickTime 7 is used for content creation, and for things like installing additional codecs.

    The recent Mac OS X 10.6.3 already updated QuickTime to 7.6.6. This new standalone update does the same thing for Mac OS X 10.4 and 10.5 and Windows.

  8. Anonymous Coward

    Bad Timing?

    Let me get this straight. The author, by advocating a fixed patch-release schedule, would have been happier with the potential situation whereby users had to wait A MONTH for the QuickTime update, instead of a day??

    OK, the author was suggesting that the original patch would have been delayed by a day, but the scenario I outlined above is still plausible (I believe Microsoft have delayed critical updates by nearly three weeks in the past, so as to stick to their sacred "Patch Tuesday").

    Apple employ my preferred update cycle: daily (of course, some days there are no patches ;-) ).

    1. Not That Andrew

      Hmm?

      I think what the author is suggesting is that they should have released it last week, along with the OS X 10.6 update, as the 10.6 update apparently included the same patches for QuickTime on 10.6.

      1. Anonymous Coward

        Re: Hmm?

        Yes, but presumably the patch wasn't ready last week, otherwise Apple would have released it then. Therefore, either the original patch would have had to be delayed by a week until the QuickTime patch was ready or, if the suggested monthly patch day fell between the two patch releases, the QuickTime update would have to be withheld for nearly a month.

        Both involve an artificial delay to a patch release, and I don't agree that such an approach is in Mac owners' best interests.

  9. morphoyle

    It works already

    Apple shouldn't even need a "patch cycle." Why would you need to patch something that already "Just works?"

    1. mark.010

      Oh give it a rest.

      Please!

  10. Kevin 6

    Easier way to fix quick time

    Uninstall it and carry on with life

    no one needs that buggy memory hog POS on their PC

    I find it more of a memory hog and buggy than adobe flash which saint jobs loves to make fun of.

    I quit using it over 5 years ago and don't miss it.

  11. Anonymous Coward

    @Kevin 6

    "I quit using it over 5 years ago"

    So you know f**k all about it then?

  12. Anonymous Coward

    Quicktime? not needed!

    I removed all things related to Apple from my PC months ago. I have not missed QuickTime for one second. It's just not needed at all. VLC plays .movs just fine.

  13. Mark Jonson

    Patch cycles are annoying, here's a real solution

    There are so many different products with different patch cycles that it makes no difference. On an average consumer PC you may have Adobe (Reader), Apple (QuickTime, iTunes), Google (Chrome, Earth, Talk), Microsoft (Office, Windows, and likely more), Mozilla (Firefox, Thunderbird), and countless other products like Skype. Patch cycles make no difference since all these different software makers are still on their own schedules. Instead of using a patch cycle, all these products should plug into Windows Update/Microsoft Update and patch their products through that one interface which can be scheduled and, if desired, controlled with an enterprise distribution server like WSUS.
