Apple patches QuickTime, fixes bugs in iTunes
The new version also unlocked full-screen video in the app
Computerworld - Apple Inc. today patched eight vulnerabilities in the Mac OS X and Windows versions of QuickTime, and updated the iTunes software co-released with the iPhone to fix a bug that deleted purchased tracks and had convinced some users to revert to older software rather than hassle with clumsy work-arounds.
The new QuickTime also unlocked full-screen video, a feature that previously was available only in the $29.99 QuickTime Pro premium edition.
All eight of the QuickTime flaws could be ranked "critical," since in every case, Apple said they could lead to "remote code execution" -- phrasing that generally garners the highest threat rating by vendors that rank vulnerabilities. Apple, however, does not rate or prioritize the bugs it discloses or the patches it releases.
Two of the vulnerabilities are related to memory corruption problems in handling movie files, two others are integer overflow bugs, and four were blamed on design errors in QuickTime's implementation of Java, said Apple in the associated security advisory. That final foursome would most likely be exploited by enticing users to Web sites where they would be served up malicious Java applets, Apple added.
Two of the bugs were credited to Tom Ferris, a security researcher who specializes in rooting through Apple's code. In April 2006, Ferris publicized several zero-day vulnerabilities in Mac OS X and the Safari browser; a month later, he noted that Apple had failed to fix all the flaws in a subsequent security update.
QuickTime 7.2 also updates the H.264 video codec.
Meanwhile, iTunes also received an update today. The new Version 7.3.1 doesn't include any security fixes, said Apple, but instead "addresses a minor problem with iTunes 7.3 accessing the iTunes Library."
Numerous users who posted complaints to Apple's support forums might not agree with the characterization of problems in iTunes 7.3 as "minor." Almost immediately after Apple updated iTunes on June 29 to account for the iPhone, users began reporting seeing the error message "iTunes Library file cannot be saved, an unknown error occurred (-50)" only to have iTunes then crash.
"I lost two full albums," said a user identified as "Gil Jawetz." (Jawetz later told Computerworld that he did not actually lose music files, only that his library file became corrupted.) Others outlined work-arounds that required users to save their libraries, delete a pair of iTunes files, then re-import the saved libraries.
Still others just gave up. "I've thrown in the towel....iTunes just crashed on me...so I've gone back to 7.2," wrote "dee_r" on July 2. Other users complained that iTunes had a new problem sorting tracks by artist and album, and that their sometimes massive collections were now askew. Today's update to 7.3.1 also reportedly fixed that bug.
Read more about Security in Computerworld's Security Topic Center.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!