back to article Latest QuickTime Exploit targets both Macs and PCs

A US-based security researcher has published a single piece of code that can remotely compromise both PCs and Macs as long as they are running Apple's QuickTime media player. The exploit is at least the fourth to target a newly discovered security flaw in the way QuickTime interacts with servers that stream audio and video. Up …

COMMENTS

This topic is closed for new posts.
  1. Svein Skogen
    Happy

    Ahh, the warm, cozy feeling!

    After discovering that installing quicktime, even if you deselect the "bundle with iTunes" means getting iTunes the first chance the AppleUpdate has, I've learned to live without quicktime, and I don't miss it one bit.

    Remind me again why the iFanbois always seems to think that "Apple-labelled" equals "secure"?

    //Svein

  2. Daniel du Preez

    Quicktime? Who uses Quicktime?

    There's Quicktime Alternative for playing all those quicktime format files.

    http://www.free-codecs.com/download/QuickTime_Alternative.htm

    No idea if this is vulnerable to the same exploit but I doubt it.

  3. Mike Roantree

    Damn MacOS

    Would never let Itunez or QT anywhere near my PC but comes preinstalled with MacOS.

    Another huge patch then to download soon methinks.

  4. Anonymous Coward
    Paris Hilton

    payload

    "unleashes a payload" ... hmmm.

  5. Gordon Fecyk
    Pirate

    Standardized LART Form

    Standardized LART Form for poor computer security articles. Released under the GPL v2 for everyone to use. Please modify as needed. See http://www.gnu.org/

    Check all that apply to this article. You may have to delete unchecked items to fit in the space alloted by the author's comment form.

    For a copy of this form, visit:

    http://www.antiwindowscatalog.com/index.asp?mode=rant&id=50

    ======= Indices

    Troll-O-Meter: (6 out of 10) [X] 6. False prophet

    Flame Meter / Threat Level: (1 out of 10) [X] 1. Firecracker

    BS Meter: (4 out of 10) [X] 4. "We are not in the business of scaring people"

    ======= Conditions of exploitation

    Your article assumes the victim:

    [X] Uses Microsoft Windows [X] ...with Administrator access [X] ...and turns off User Account Control (Vista) [X] Uses MacOS X [X] ...and gladly provides his admin password to everything that asks for it

    The problem described was addressed:

    [X] More than a month ago by a simple workaround [X] ...more than five years ago [X] By turning off whatever useless feature has this problem

    Reproducing and/or exploiting the problem requires:

    [X] Clicking a malicious web link [X] ...while logged on as an Administrator

    ======= Umbrella salesmen predicting bad weather

    Your article cites:

    [X] A computer security firm [X] ...more than one firm

    The quoted person / firm / organization:

    [X] Claims they had known about and/or had fixed the problem [X] ...more than a month ago

    ======= Celebrities

    Your article cites:

    [X] An executive representing the exploited product

    The celebrity is relevant to this article because:

    [X] He or she attracts attention to the problem

    ======= Punishments

    For crafting this article, you deserve:

    [X] To be interviewed by... [X] ...John Leyden [X] ...Steve Gibson

    Before writing another security article, you must:

    [X] Ask one or more real security experts first [X] ...that don't work for computer security firms (Yes, they do exist.) [X] Ask a critic of whoever you're going to quote [X] Try reproducing the problem yourself [X] ...while logged on with a Limited (XP) or Standard (Vista) account [X] ...while leaving User Account Control (Vista) turned ON

  6. Anonymous Coward
    Anonymous Coward

    Thanks Apple

    To me it seems Apple has the ability to make more computers vulnerable than just Microsoft by itself. So, think about that for a minute. After all isn't it Apple that codes Quicktime/iTunes and codes Mac OS X? Do you think they say to themselves let us be more diligent and competent with Mac OS X? They are beginning to be a regular bug factory.

  7. Charlie Clark Silver badge
    Jobs Horns

    Agree with who uses Quicktime?

    I have to pay extra to watch something in fullscreen and it doesn't support all the codecs? Steve Jobs, you are a tosspot but a rich one.

    Thank fuck for OpenVLC which works wonderfully and looks great on Mac OS X - remote control included.

This topic is closed for new posts.

Other stories you might like