Flaws Hit QuickTime, iTunes

Wiz Feinberg · Post by **Wiz Feinberg** » 12 Jan 2006 8:52 pm

Attention Apple users: Step away from reading about MacWorld, put down your iPods and update your QuickTime software now to prevent a hacker from taking over your system.

There are five highly critical flaws in Apple's QuickTime application that affect both Apple and Windows versions, as well as Apple's popular iTunes application.

The flaws all relate to image-handling issues inside of QuickTime. CVE-2005-2340 is described by security firm Secunia as, "a boundary error in the handling of QTIF images [that] can be exploited to cause a heap-based buffer overflow." Such a buffer overflow could allow an attacker to execute arbitrary code.

According to Security firm eEye, QuickTime users aren't the only ones at risk. Users of iTunes are also at risk due to its tight integration with QuickTime and, as such, "all of these security issues are also exploitable via the iTunes software."

Apple has provided an update for QuickTime that patches all the currently publicly disclosed vulnerabilities.

Systems Affected

Apple QuickTime on systems running

* Apple Mac OS X
* Microsoft Windows XP
* Microsoft Windows 2000

Upgrade

Upgrade to QuickTime 7.0.4.

------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage[This message was edited by Wiz Feinberg on 12 January 2006 at 09:22 PM.]

Anders Brundell · Post by **Anders Brundell** » 14 Jan 2006 11:07 pm

Wiz;

I'm unable to find an update för XP via that link you mention. Could you give more exact info on where to find the actual download?
(I very often get confused and sometimes totally lost when I try to figure out the proper choise on data sites. These sites are certainly not made for us who know very little about pc:s.)

Thanks!

Anders

Wiz Feinberg · Post by **Wiz Feinberg** » 14 Jan 2006 11:49 pm

Anders;
Go to this page to download the updated Quicktime for Windows 2000/XP: http://www.apple.com/quicktime/download/win.html

------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage

Anders Brundell · Post by **Anders Brundell** » 15 Jan 2006 7:53 am

Thanks, WiZ

That worked.

Larry Robbins · Post by **Larry Robbins** » 15 Jan 2006 8:48 am

Got it as well. Thanks for looking out for us,Wiz!

------------------
SHO~BUDS,FENDER AMPS& GUITARS, TUT TAYLOR RESO'S

"What a long, strange trip it's been"

Wiz Feinberg · Post by **Wiz Feinberg** » 16 Jan 2006 5:53 pm

Today I learned that some Mac and Windows users are experiencing severe problems after upgrading to the Quicktime version listed in my first post. It is a good idea to revist the Apple download page frequently to see if they release another patch to fix the patch that fixes the flaws in the previous patch (wink, wink, nudge, nudge)!

------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage

b0b · Post by **b0b** » 17 Jan 2006 3:49 pm

My Mac goes out and gets the updates automatically, when they are available. The new Quicktime seems to work fine for MP3's and MIDI files, which is all I use it for.

Edward Efira · Post by **Edward Efira** » 18 Jan 2006 10:41 am

what bOb says
Ed