PC World: Technology Advice You Can Trust
Today at PC World
News, opinion, and links from the PC World staff.
Thursday, July 12, 2007 7:11 PM PT Posted by Stuart Johnston

More Patches: Now It's QuickTime's Turn

There's been a streak of security updates and issues for often-used products in the last few days. First was Microsoft's Patch Tuesday rush, and then that scrap about Internet Explorer and Firefox. Finally, Adobe patched holes in Flash Player.

Now, Apple just fixed eight security bugs -- seven of which I'd define as "critical" -- in QuickTime media player. The updated version is numbered 7.2.

Apple doesn't actually call them "critical." But when a threat description says that a successful exploit can result in "arbitrary code execution," that would seem to mean that a successful exploit would let someone else take over your PC. So that's my choice of word.

Software makers usually try to be vague enough in their discussion of how a bug works that they don't make crackers' jobs any easier or give anyone ideas. Apple is no different, and is even a bit more vague than some. But at least three of these bugs could bite you if you were to play booby-trapped movie files of different types -- including H.264 and .m4v format MP4 files.

A fourth flaw could be taken advantage of if you started up a malicious multimedia file written using the Synchronized Multimedia Integration Language (SMIL).

(I'll let you guess at how it's pronounced, but what it does is synchronize elements in a multimedia presentation. For instance, it could be used to write a script that shows a series of pictures one second each while "Happy Birthday" plays.)

The other three critical vulnerabilities Apple only characterizes as "design issues" so I'm not even going to guess at that. But it does say that you could be successfully attacked by merely visiting a site that hosts a malicious link. All in all, it's definitely an update worth getting.

There are updates for Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and Windows XP Service Pack 2.

If you don't have your software update preferences set to automatically download and install updates, you can get the download manually.

For more information and links to the downloads, check out Apple's security bulletin.
