News, Reviews and more from Australia's Macintosh Authority
Apple on Wednesday released an update to QuickTime, version 7.4.1. Available for download from the Software Update system preference, QuickTime is also available from Apple's downloads web site. Separate updaters have been posted for Mac OS X v10.3, 10.4 and 10.5.
The update "addresses security issues and improves compatibility with third-party applications," according to Apple. Apple provided no additional details about those changes in the release notes, but confirmed that this update addresses a previously reported incompatibility between QuickTime 7.4 and Adobe After Effects.
According to a separately posted note on Apple's web site, QuickTime 7.4.1 also includes a security improvement that can prevent a malicious web site from causing an unexpected application termination or arbitrary code execution.
Apple describes the problem as a "heap buffer overflow" that occurs in QuickTime 7.4's handling of HTTP responses when RTSP tunneling is enabled. The update improves bounds checking, thus preventing the issue from occurring.
On Jan. 10, researcher Luigi Auriemma disclosed the flaw by posting proof-of-concept attack code that could be used to run unauthorised software on a victim’s computer. For the attack to work, the criminal would have to first trick the user into viewing a maliciously encoded QuickTime media file.
With the attack code available, security researchers had been hoping that Apple would address the flaw. Wednesday’s QuickTime 7.4.1 update is for both OS X and Windows.
It is Apple’s fifth QuickTime update since October. The company has been forced to issue the flurry of patches as security researchers have taken a closer look at media player flaws during the past year. In December, Apple patched a separate RTSP vulnerability, which online criminals had already started to use in their attacks.
“In the past few months, QuickTime has been a prevalent target for security researchers,” said Andrew Storms, director of security operations with nCircle Network Security, via instant message. “Internet media applications on the desktop have been a rich target for attackers and this trend is sure to continue as most users aren’t yet accustomed to attacks arriving in the form of a viral video.”
wrote on February 11, 2008 9:47 PM
QuickTime 7.4.1 caused my MPEG-4 movies to play with sound but no video. Had to downgrade to 7.3.1.
For watching movies, Jobs announced that the second iteration of the Apple TV will allow movies to be downloaded (and even rented) directly from the iTunes Store without the need for a computer to get involved. Of course, this feature is only relevant to Americans, but as an increasing number of Australians are figuring out how to access the US iTunes Store it's worth noting. The iTunes rental service includes both new release and "catalogue" films from all the major studios.
Matthew JC. Powell | Jan 16, 2008
Apple sold 2.3 million Macs and 22.1 million iPods during the holiday shopping season, helping the company turn a $US1.58-billion profit during its fiscal first quarter. The Mac totals mark the third consecutive quarter that Apple has set a quarterly sales record for its desktops and laptops. For the quarter ended December 31, Apple reported a profit of $US1.76 a share on revenue of $US9.6 billion.
Jim Dalrymple, Philips Michaels and Peter Cohen | Jan 23, 2008
Adobe has released a slew of updates to key applications in Creative Suite 3, finally bringing Leopard compatibility to After Effects, in addition to some more general fixes.
Jim Dalrymple | Jan 24, 2008
The release of QuickTime 7.4 earlier this month had an unplanned side-effect for one of Apple’s biggest developers, Adobe. According to an Adobe product manager, the QuickTime release breaks After Effects and Premiere. Apparently the issue is with QuickTime’s support of Digital Rights Management technology for downloaded movies in iTunes. QuickTime checks movies at regular intervals for DRM violations, and since the Adobe products don’t write the headers until they render the movies, this is seen as a violation.
Jim Dalrymple | Jan 27, 2008
App Store developers will now be able to reach customers in 13 new countries, according to an announcement on the iPhone Developer Program news page.