Thursday November 20, 2008 6:34 PM AEST

SC Magazine Australia/NZ > News > Vulnerabilities & Exploits > Web > Apple still offering Windows users flawed Quicktime version

Vulnerability Alerts

SANS

Microsoft

Microsoft Security Bulletin Summary for November 2008
MS08-069 – Critical: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218) - Version:1.0

CERT/CC

Latest Comments

"Hi this is the mail I received Brett Karpman show details Nov 17 (3 days ago) Reply Atten..."

on Yahoo and Microsoft take aim at lottery scams

by Rodney Churchyard | Nov 20, 2008 6:13 PM

"security through obscurity...shows how detached HIPAA is from reality."

on Privacy breaches causing business instability

by priceOfFishInChina | Nov 20, 2008 1:19 PM

"Umm. no. The 6.5 product is mounting the offline VM image and performing a scan for patch ..."

on Shavlik Technologies to broaden its patch management offerings

by eric | Nov 20, 2008 8:15 AM

"it's great i tried it"

on McAfee offers free trial of security appliance

by divyacharan | Nov 20, 2008 12:24 AM

"I actually love the RoboForm software myself. I use it all of the time and it takes all of the ..."

on Siber Systems RoboForm Enterprise

by Omarra Byrd | Nov 18, 2008 8:19 AM

Web

Apple still offering Windows users flawed Quicktime version

According to Secunia, there is no way for Windows users to download a non-vulnerable version of the program.

"Rather than supplying the correct fixed version for download, Apple still provides the old vulnerable version," wrote Thomas Kristensen, chief technical officer at Secunia, in the company blog.

"To get the actual security upgrade, users have to go through a rigorous update process, which is entirely different from the download process.

To make matters worse, the update process isn't documented anywhere, so users may not even know where to begin."

Kristensen said Secunia was made aware of the problem by an “enormous” amount of feedback from users of the company’s free Secunia Software Inspector.

Users were complaining that after downloading the latest version of Quicktime the inspector was still returning results that claimed the program was vulnerable.

Users thought Secunia’s tool was broken, but after a quick download of the latest version of Quicktime, Secunia researchers were able to exploit it.

They highly recommend Windows Quicktime users run the Apple Software Update application that is bundled with Quicktime and install the available update called “Security Update 2007-1.”

Ads by Google

Thoughts on this article? Add a comment below.

Be the first to comment on this article.

Report this comment as offensive:

* Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.

Name:

Email:

(will not be displayed)

Comment:

(HTML not permitted)

Validation

Enter the code you see below:

Most Read
Most Discussed
Latest News

Vulnerabilities & Exploits Whitepapers

Apple still offering Windows users flawed Quicktime version

Sponsored Links

SC MAGAZINE SITEMAP

CATEGORIES

News

Alerts

Products

Stats

Blogs

Photo Galleries

Whitepapers

Events

Jobs

Downloads

Vulnerabilities & Exploits

Breaches & Exposures

Messaging

Mobile

Access Control

Biometrics & Forensics

Legal

Risk Management

Job Centre

Patch Management