Apple patches QuickTime, fixes bugs in iTunes
The new version also unlocked full-screen video in the app
Computerworld - Apple Inc. today patched eight vulnerabilities in the Mac OS X and Windows versions of QuickTime, and updated the iTunes software co-released with the iPhone to fix a bug that deleted purchased tracks and had convinced some users to revert to older software rather than hassle with clumsy work-arounds.
The new QuickTime also unlocked full-screen video, a feature that previously was available only in the $29.99 QuickTime Pro premium edition.
All eight of the QuickTime flaws could be ranked "critical," since in every case, Apple said they could lead to "remote code execution" -- phrasing that generally garners the highest threat rating by vendors that rank vulnerabilities. Apple, however, does not rate or prioritize the bugs it discloses or the patches it releases.
Two of the vulnerabilities are related to memory corruption problems in handling movie files, two others are integer overflow bugs, and four were blamed on design errors in QuickTime's implementation of Java, said Apple in the associated security advisory. That final foursome would most likely be exploited by enticing users to Web sites where they would be served up malicious Java applets, Apple added.
Two of the bugs were credited to Tom Ferris, a security researcher who specializes in rooting through Apple's code. In April 2006, Ferris publicized several zero-day vulnerabilities in Mac OS X and the Safari browser; a month later, he noted that Apple had failed to fix all the flaws in a subsequent security update.
QuickTime 7.2 also updates the H.264 video codec.
Meanwhile, iTunes also received an update today. The new Version 7.3.1 doesn't include any security fixes, said Apple, but instead "addresses a minor problem with iTunes 7.3 accessing the iTunes Library."
Numerous users who posted complaints to Apple's support forums might not agree with the characterization of problems in iTunes 7.3 as "minor." Almost immediately after Apple updated iTunes on June 29 to account for the iPhone, users began reporting that they saw the error message "iTunes Library file cannot be saved, an unknown error occurred (-50)," after which iTunes crashed.
"I lost two full albums," said a user identified as "Gil Jawetz." (Jawetz later told Computerworld that he did not actually lose music files, only that his library file became corrupted.) Others outlined work-arounds that required users to save their libraries, delete a pair of iTunes files, then re-import the saved libraries.
Still others just gave up. "I've thrown in the towel....iTunes just crashed on me...so I've gone back to 7.2," wrote "dee_r" on July 2. Other users complained that iTunes had a new problem sorting tracks by artist and album, and that their sometimes massive collections were now askew. Today's update to 7.3.1 also reportedly fixed that bug.