http://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/ Engadget Comments for Apple issues fix for recently discovered QuickTime flaw http://www.engadget.com/media/feedlogo.gif http://www.engadget.com en-us Copyright 2012 Weblogs, Inc. The contents of this feed are available for non-commercial use only. Blogsmith http://www.blogsmith.com/http://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/http://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/
This is actually standard practice. If you read the release notes for Apple security updates, you'll see that they routinely give credit for bugs reported by outside parties. For instance, Security Update 2007-004 include hat-tips to Kevin Finisterre, Month of Apple Bugs, Mu Security Research Team, etc.

http://docs.info.apple.com/article.html?artnum=305391

Likewise, Apple didn't "seemingly" tip its hat in this case -- it was a pretty clear-cut credit. From the release notes for the QuickTime update:

"Credit to Dino Dai Zovi working with TippingPoint and the Zero Day Initiative for reporting this issue."

http://docs.info.apple.com/article.html?artnum=305446]]>May 2nd 2007 9:38AMhttp://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/http://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/May 2nd 2007 9:57AMhttp://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/http://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/
How on earth do you arrive at this logic? The fact that quicktime is crossplatform didn't make it insecure. Last I checked having some version of Quake on your system doesn't mean your system is all of a sudden vulnerable just because it is crossplatform. Quicktime could have only been supported on the mac and it would have STILL had the vulnerability as the reliance on Java is for browser extensiblity (hence the attack vector through Safari in the original discovery) rather than multiplatform support.

If that isn't convincing enough I have a .dmg file for you to download in safari. Don't worry, you don't need to install any of the security updates for safari that apple has released specifically because there are a wealth of known exploits on OS X systems via safari's automatic and improper parsing of .dmg files. Apparently according to your logic Safari should be perfectly safe out of the box since it is OS X specific. In fact, why don't you stop installing any of the QUARTERLY security patches that Apple releases for OS X, patches that address dozens of security vulnerabilities per patch, and instead only update quicktime and iTunes since they are cross platform. I'm sure your system will be invulnerable anyway. Dumbass.

"QuickTime (of all things), "
Not entirely surprising. Quicktime has been none to have security issues in the past (just do a websearch and you will find plenty of articles from security researchers on the subject). Moreover, a great majority of security vulnerabilites on any platform are application level rather than OS level. There are dozens of pieces of malware that propogate because of a flaw in flash that will automatically download and execute code. The last version of Acrobat will arbitrariliy execute code embedded in compromised pdfs (hence the recent update). It isn't surprising quicktime also is an attack vector, especially since it integrates with the webbrowser to a degree (actually, that was specifically the reason this time, since the flaw found exploits a weakness resulting from using Java to help with this browser integration).]]>May 2nd 2007 1:26PMhttp://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/http://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/
I believe it was a reference to the wireless exploit found by Maynor and Ellch - it was a somewhat high-profile controversy since Apple issued a patch for the problem after denying the issue, and without giving the researchers any credit.]]>May 2nd 2007 9:54AMhttp://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/http://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/May 2nd 2007 10:16AMhttp://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/http://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/May 2nd 2007 10:14AMhttp://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/http://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/May 2nd 2007 10:39AMhttp://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/http://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/
Can anybody tell Apple to "fix" their Windows version of QuickTime. They update iTunes often enough to annoy everybody by forced installation of QuickTime Player which always: (1) puts icon into the tray (and useless resident to show the icon) (2) put shortcut of QuickTime player on desktop (though no sane person on PC would ever use QuickTime) and (3) put icon into QuickLaunch bar - though *nobody* even wanted to install QuickTime in first place - 90% of people have QT only because of iTunes.

I'd say: "Apple, keep QuickTime and kill the abomination called 'QuickTime Player', it is useless anyway."]]>May 2nd 2007 10:40AMhttp://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/http://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/
Can anybody tell Apple to "fix" their Windows version of QuickTime. They update iTunes often enough to annoy everybody by forced installation of QuickTime Player which always: (1) puts icon into the tray (and useless resident to show the icon) (2) put shortcut of QuickTime player on desktop (though no sane person on PC would ever use QuickTime) and (3) put icon into QuickLaunch bar - though *nobody* even wanted to install QuickTime in first place - 90% of people have QT only because of iTunes.

I'd say: "Apple, keep QuickTime and kill the abomination called 'QuickTime Player', it is useless anyway.""

boohoo, im sure ya wont notice one more flaw in security in windows lol]]>May 2nd 2007 10:59AMhttp://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/http://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/
Yeah right.

Every Mac and Apple software I have owned has been buggy. This article doesn't surprise me one bit.]]>May 2nd 2007 11:40AMhttp://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/http://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/May 2nd 2007 12:06PMhttp://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/http://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/May 2nd 2007 12:16PMhttp://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/http://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/Don't get your panties all tied up into knots about that topic, it is really boring anyways.
Someday, all OSs will be nearly the same, and most people won't give a rats ass, like most people already don't care much about computers today.]]>May 2nd 2007 1:17PMhttp://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/http://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/
Also, this was not just a security fix. Quicktime 7.1.6 adds support for Final Cut Studio 2 and closed captioning display, but I haven't been able to find more information about this latter enhancement. Does this mean closed captioning could now theoretically be added to video content purchased from iTS?]]>May 2nd 2007 12:57PMhttp://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/http://www.engadget.com/2007/05/02/apple-issues-fix-for-recently-discovered-quicktime-flaw/
and come on, Full Screen is a PAID option? are you kidding?

I still dont get the security thing.. Install a FREE antivirus like AVG and a free firewall and your set. dont gimme the but on a mac.. macs have more issues in other areas. time wise your far better off on a PC]]>May 2nd 2007 11:42PM