Apple patches QuickTime, fixes bugs in iTunes
The new version also unlocked full-screen video in the app
Computerworld - Apple Inc. today patched eight vulnerabilities in the Mac OS X and Windows versions of QuickTime, and updated the iTunes software co-released with the iPhone to fix a bug that deleted purchased tracks and had convinced some users to revert to older software rather than hassle with clumsy work-arounds.
The new QuickTime also unlocked full-screen video, a feature that previously was available only in the $29.99 QuickTime Pro premium edition.
All eight of the QuickTime flaws could be ranked "critical," since in every case, Apple said they could lead to "remote code execution" -- phrasing that generally garners the highest threat rating by vendors that rank vulnerabilities. Apple, however, does not rate or prioritize the bugs it discloses or the patches it releases.
Two of the vulnerabilities are related to memory corruption problems in handling movie files, two others are integer overflow bugs, and four were blamed on design errors in QuickTime's implementation of Java, said Apple in the associated security advisory. That final foursome would most likely be exploited by enticing users to Web sites where they would be served up malicious Java applets, Apple added.
Two of the bugs were credited to Tom Ferris, a security researcher who specializes in rooting through Apple's code. In April 2006, Ferris publicized several zero-day vulnerabilities in Mac OS X and the Safari browser; a month later, he noted that Apple had failed to fix all the flaws in a subsequent security update.
QuickTime 7.2 also updates the H.264 video codec.
Meanwhile, iTunes also received an update today. The new Version 7.3.1 doesn't include any security fixes, said Apple, but instead "addresses a minor problem with iTunes 7.3 accessing the iTunes Library."
Numerous users who posted complaints to Apple's support forums might not agree with the characterization of problems in iTunes 7.3 as "minor." Almost immediately after Apple updated iTunes on June 29 to account for the iPhone, users began reporting seeing the error message "iTunes Library file cannot be saved, an unknown error occurred (-50)" only to have iTunes then crash.
"I lost two full albums," said a user identified as "Gil Jawetz." (Jawetz later told Computerworld that he did not actually lose music files, only that his library file became corrupted.) Others outlined work-arounds that required users to save their libraries, delete a pair of iTunes files, then re-import the saved libraries.
Still others just gave up. "I've thrown in the towel....iTunes just crashed on me...so I've gone back to 7.2," wrote "dee_r" on July 2. Other users complained that iTunes had a new problem sorting tracks by artist and album, and that their sometimes massive collections were now askew. Today's update to 7.3.1 also reportedly fixed that bug.
Read more about Security in Computerworld's Security Topic Center.
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Data Protection eGuide In this eGuide, CSO and sister publications IDG News Service, Computerworld, and CIO pull together news, trend, and how-to articles about the increasingly...
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- The Opportunities and Challenges of the Cloud In this report F5 poses questions to IDC analysts, Sally Hudson and Phil Hochmuth, on behalf of F5's customers to better understand the...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!