quicktime
Latest
Apple releases QuickTime patch to close exploit
Two weeks ago, Second Life users were warned of a flaw in QuickTime that allowed carefully crafted QuickTime datastreams and file headers to access their accounts through the viewer, and could potentially be used to steal items and Linden Dollars. The flaw was in QuickTime itself and was usable to compromise a wide variety of software unless you disabled or uninstalled QuickTime to prevent it running. A few hours ago, Apple finally dropped a new version of QuickTime (version 7.3.1) which fixes these exploit issues. Whether you use Second Life or not, if you have QuickTime installed on your machine you should get the update without delay.
Quicktime 7.3.1 fixes RTSP vulnerability
Apple has just released QuickTime 7.3.1 which addresses that nasty RTSP vulnerability recently discovered (and discovered with zero day exploit code no less!). This update also fixes 2 other security problems with QuickTime. It looks like Flash is being handled in a safer way, and a heap buffer overflow has been fixed. Apple suggests all QT 7 users install this update. Quicktime 7.3.1 is available for: Panther Tiger Leopard Windows Read the full release notes for the gory details.
QuickTime exploit in the wild, demoed on Second Life
As reported, the RTSP vulnerability in QuickTime was accompanied by working exploit code, accelerating the process of malefactors and miscreants turning it into actual malicious payloads. Symantec & other outlets have since reported that the QuickTime exploit has been seen in the wild; the exploit causes Windows clients to download a secondary malware package.Meanwhile, security researchers Charlie Miller and Dino Dai Zovi (he of the CanSecWest hacking prize) leveraged the QuickTime vulnerability to demonstrate an attack within the Second Life virtual environment. Since SL uses QuickTime to play video in-game, any player wandering within activation distance of the 'evil movie' can be pwned. Miller and Dai Zovi's demo causes the victim to gesticulate, shout "I've been hacked!" and -- most disturbingly -- send 12 Linden dollars to the attackers' SL account.The Second Life exploit starts to veer disturbingly towards Snow Crash territory. I don't want to spoil Neal Stephenson's brilliant breakthrough novel for those who haven't read it, so go read it. For the rest of us, doesn't the idea of a 'virus video' that attacks anyone who watches it seem awfully familiar?[via Mac OS Ken]
Second Life users warned of QuickTime flaw
Second Life users are being warned today (and the rest of you should be aware as well) that there's a security issue with Apple's QuickTime that allows an attacker to potentially crash or attempt to inject code into the software under which QuickTime is running. That would be your web-browser, or Second Life viewer, for example. Second Life uses QuickTime to stream video - though not from Linden Lab's servers. All video in Second Life comes from other sites and from web-sites controlled by users.
Zero-day exploit in QuickTime could hit Win iTunes users
Over the weekend, security researchers announced a vulnerability in QuickTime's handling of the RTSP streaming protocol, and Windows-only exploit code is already circulating. The flaw allows attackers to craft specially formatted RTSP responses that cause a buffer overflow, and as a result they can execute arbitrary code in the context of the logged-in user. Unfortunately, there are plenty of ways to get someone to click a malicious RTSP link, including sending it in email or including it on a website. While Symantec notes that IE and Safari for Windows appear to be resistant to the exploit code, opening a malicious RTSP link in current versions of Firefox or in QuickTime Player would allow the exploit to run.For now, there is no Mac version of the exploit (cold comfort to the millions of iTunes for Windows users); hopefully there will be a QuickTime security patch on both platforms before any additional exposure occurs. Rich Mogull at TidBITS has some helpful tips for securing your network, including blocking the RTSP protocol both at the firewall and for outbound connections via Little Snitch.Update 10:30 am Thursday: Commenter Moulles points out that a cross-platform exploit for the RTSP flaw, which could target either PCs or Macs, has now been published.[via TidBITS]
iTunes 7.5 and QuickTime 7.3
Fire up Software Update, gentle TUAW readers, because a new version of iTunes and QuickTime awaits.iTunes 7.5 adds the ability to activate an iPhone where ever it is available, and support for Phase which is a new iPod game. The usual bug fixes are also in there.QuickTime 7.3 brings support for iTunes 7.5 (shocking) as well as an updates the export option for iPhone web content and fixes numerous bugs and security updates.Thanks to everyone who sent this in.
QT Compatibility and Keyboard Software 1.2 updates released
Yes, it's that time again folks. Our friends in Cupertino have released two small (and by small we mean 'single sentence release-note' small) updates to OS X 10.4.10, namely Compatibility Update for QuickTime 7.2 and a much-desired Keyboard Software Update 1.2. The updates are available to users via the trusty Software Update option in the Apple Menu, or via the Apple Support Website (Keyboard Update / QuickTime Update). Let's hope it brings enlightenment to those of us who experienced issues with the Aluminium Keyboards, and were unable to fix them.
Apple posts video of today's media event
Did you miss all the excitement today? You can now replay it on your very own computer. Apple has just posted the video of today's event (which they call a keynote for some reason) on Apple. You'll need QuickTime to enjoy Steve wow us with new iPods, but that isn't a shock now is it?
Timelapse of iSight wakeup captures
A few months back, we wrote about reader Dylan's iSight autocapture project-- he rigged up the code to have his iSight on his MacBook Pro snap a photo every time the lid was opened (and even released all of his work as open source). At the time, he mentioned eventually combining all of the photos together into a timelapse video, and seven months later, here it is.Unfortunately, he says the Sleepwatcher daemon he was using doesn't work as of 10.4.10, so the project is over until it gets updated, if ever. But he did share with us how he compiled the images together into a timelapse-- he punched out a Perl script (which is reprinted after the jump) to rename all of the pictures into sequenced filenames, and then squished them together with Quicktime's "image sequence" feature. Very nice.
Turbo.264 update brings iPhone formats, customizable encoding settings
Erica took a first look at Elgato's Turbo.264 USB video encoder last month and found it to be a mixed bag. While it is indeed a powerful accessory to many Mac user's video encoding efforts, it's only compatible with apps that use QuickTime for encoding and export, so HandBrake and VisualHub die-hards are out of luck. Still, if you use QuickTime itself, Elgato's products (such as EyeTV) or any other QuickTime-compatible video encoding apps, the Turbo.264 is a fantastic companion that is sure to make your G4, G5 or even Intel Mac jump for joy when encoding video. While I personally don't own one yet, a new v1.1 software update from Elgato is motivating me all the more to save up and squeeze every penny out of the living room couch. One of the big-ticket new features is an iPhone-specific video setting, supporting both standard 4:3 (480 x 360) and 16:9 (480 x 270) formats. While that is definitely a cool feature, I'm more interested in another new feature (which, might I add, the rest of Elgato's video conversion software desperately needs): customizable settings for video conversion, including being able to edit the presets for devices like the Apple TV. Until now, the software included with the Turbo.264 simply offered choices like "high quality for iPod," with no ability to set things like data or compression rates. Now, finally, users have complete control over the quality of the video they output with the Turbo.264's software, and I can only hope that it's coming to their EyeTV 2 software as well. As I said, I don't own a Turbo.264 yet, but I had the chance to test one out myself and this customization was the only major complaint I had. Now that they've fixed this issue, this $99 video encoding accessory seems more appetizing than ever.
Quicktime 7.2 patches bugs, adds "Export to iPhone" option
In addition to patching various security holes, it looks like Apple added "Export to iPhone" and "Export to iPhone (Cellular)" presets to Quicktime 7.2 -- making it easy to spit out .m4v or .3gp files optimized for the iPhone's screen and data delivery options. This isn't a huge surprise, since Quicktime gained Apple TV and video iPod presets shortly after those products were released, but at least now compressing your videos to the postage stamp sizes required for them to stream over EDGE is just a click away.
QuickTime 7.2/iTunes 7.3.1 now available
Fire up Software Update, kids, there are new versions of iTunes and QuickTime in town. iTunes 7.3.1 fixes an issue were some users of iTunes 7.3 couldn't access their music libraries anymore (a problem which Apple calls 'minor,' but seems kind of major to me).QuickTime 7.2, the far more interesting update of the two, has some security updates and: Support for full screen viewing in QuickTime Player Updates to the H.264 codec Numerous bug fixes That first one is the bigger. Gone are the days of having to plunk down cold hard cash for QuickTime Pro simply to watch videos in full screen. This is has been a long time coming, and let be the first to thank you, Apple.Thanks to everyone who sent this in.
iPhone can handle Google Video as well
iPhone users out there are all pretty well familiar with what sort of content they can view on YouTube at the moment: moonwalking instructional videos are a go, obscure bluegrass fingerpicking tutorials (thanks, Dad) are not. Well, now you've got another option for viewing pointless videos, since it turns out the iPhone can support the iPod/PSP video download option over at Google Video from right within Safari. Not all videos include a download option, and we tried a similar option over at Gametrailers.com to no avail, but who needs alternatives when you can watch sneezing panda eternally? Check out the QuickTime player after the break. [Thanks, Canek]
Image Gallery: YouTube on Apple TV
Now that YouTube has arrived on the Apple TV, an image gallery of all the new features seems only fitting. Apple has done quite a nice job with the debut of this custom YouTube UI, and it is surprisingly feature-packed. In terms of video quality, I can comfortably say that most videos that started out in a decent quality to begin with (TV show clips, CG videos from design students, etc.) look *worlds* better in YouTube on the Apple TV (re-encoded to H.264 from the original, mind you; Apple thankfully doesn't put up with the dreadful quality of Flash video) than YouTube online. If you can't get to an Apple TV to take a ride for yourself, check out our YouTube on Apple TV image gallery to get a decent idea of what's in store for this clever new Apple TV feature.%Gallery-4117%
TUAW Tip: QuickTime playback shortcuts
This morning, I received a desperate letter from a person to remain nameless. "Quick!" it said, "Tell me a keyboard shortcut to mark IN on the timeline in QT Pro from where the playhead is parked. Having to twiddle those stupid triangles is frustrating beyond measure." Well, secret correspondent who shall be henceforth known as "V", here is a quick reference for you. I threw this together in short order, so if anyone has additional playback shortcuts they want to throw into the mix, please do so. If you've got a long commute, why not download Apple's QuickTime 7 Guide (pdf) and go straight to the source? Space bar. Pause/play. Right-Arrow. Move one frame forward in time. Left-Arrow. Move one frame back in time. Up-Arrow. Increase volume. Down-Arrow. Decrease volume. Command-A. Select the entire track. Command-B. Select nothing. This has the very useful side effect of moving the selection triangles to the current location of the playhead. Shift-Left Arrow. Move the left selection triangle to the playhead. Shift-Right Arrow. Move the right selection triangle to the playhead. Command-Left Arrow. Play in reverse. Command-Right Arrow. Play. Option-Left Arrow. Move left to the next selection triangle, or if there is none to the start of the movie. Option-Right Arrow. Move right to the next selection triangle, or if there is none to the end of the movie. Command-T. Play selection only. Command-L. Loop playback.
Rumor: Free full screen to come to QuickTime Player
QuickTime Player's lack of fullscreen playback (without ponying up the cash for a Pro license, that is) has long been an unnecessary annoyance. Sure, you could always use some sort of AppleScript hack (e.g. osascript -e 'tell application "QuickTime Player" to present front movie scale screen') to get around that, or watch your videos in Front Row for that matter, but there never was a good reason why the free player shouldn't be able to play using the full screen using a normal menu option. Now, according to Victor Agreda Jr, our TUAW man on the spot at WWDC, that limitation will be no more. "The next version of QT," he writes, "doesn't need the Pro version to play fullscreen." And we at TUAW add: it's about time!
Perian 1.0 released
Unfortunately, it looks like Perian 1.0 has not been released and that its appearance at MacUpdate was in error. Chris Forsythe, whom I mention below, has identified himself as the Perian Project Manager.Perian, the swiss army knife of QuickTime codecs finally hit version 1.0. But don't run over to the Perian Home Page right away. It hasn't been updated yet. Instead, as TUAW reader Jason P tipped us off, point your web browser to this MacUpdate page instead.The new version of Perian installs in a new way. It's a Preferences pane that you double-click (versus a QuickTime component that you drag to /Library/QuickTime--the new codec installs to ~/Library/QuickTime instead). You can remove it, check for updates or set your Audio options from this panel. New features include integrated A52 Dolby Digital support, subtitles, a bunch of bug fixes and many new codecs. The full list of 1.0 changes follows after the jump Thanks Jason PUpdate: TUAW reader Chris Forsythe wrote in reporting that he found Perian 1.0 buggy and that it's crashing on him. So far it's working fine for me but I have only tested it with Xvid and streaming MPEG-4 (the keynote). Let us know your results in the comments.Update 2: readers are reporting that the file seems to have disappeared from MacUpdate. "I get to the Perian 1.0 page, but if you click the download link you get a file not found error."Update 3: TUAW reader Yuvi writes that the MacUpdate link was not meant to be released.
It's official: No Flash support on the iPhone (yet)
Our sources at WWDC are reporting that, for now, there is officially no Flash support on the iPhone. Apparently, in the State of the Media address yesterday, the announcement was made that: "There will be no Flash support at the moment on the iPhone." Developers are being told not to serve video via Flash, as there simply isn't a player built for the phone yet.On the upside, the word 'yet' is apparently being used liberally, so things might look better for Flash on the iPhone sometime down the road.
Apple Posts WWDC 2007 Keynote
The keynote is now up and available for QuickTime streaming here on Apple's website. If Apple follows its usual MO, a downloadable version should be available shortly on iTunes. Watch this space. Thanks to everyone who sent this in.
YouTube on Apple TV to use H.264
I thought it was a little odd that the Apple press release concerning the YouTube addition to Apple TV stated that it would take weeks for all YouTube content to be made available on the Apple TV. iLounge got to the bottom of this slightly odd situation (or so it seemed without explanation). They spoke with Apple Vice President of Worldwide Mac Hardware Marketing David Moody who explained the delay. It would seem that all YouTube's videos are in the process of being converted to H.264, a codec that Apple TV supports. All new videos will be converted to H.264 as they are uploaded, but it will take some time to convert the back catalog.
