Avast WEBforum

Other => General Topics => Topic started by: FreewheelinFrank on December 23, 2005, 10:09:07 PM

Title: iTunes/Quicktime security flaw
Post by: FreewheelinFrank on December 23, 2005, 10:09:07 PM
Quote
Don't open media files from sources you don't trust--it may lead to your computer being hacked, a security researcher has warned.

Tom Ferris, an independent security researcher, has provided more details on a security flaw in Apple Computer's popular iTunes and QuickTime software that could put systems running Windows and Mac OS X at risk of attack.

http://news.com.com/iTunes+and+QuickTime+flaw+detailed/2100-1002_3-6004635.html?tag=cd.lede
Title: Re: iTunes/Quicktime security flaw
Post by: FreewheelinFrank on January 13, 2006, 09:06:02 PM
Quote
QuickTime patch hits trouble

http://news.com.com/QuickTime+patch+hits+trouble/2100-1002_3-6026745.html?tag=cd.lede

The stand-alone Quicktime player is still at 7.0.2:

http://www.apple.com/support/
Title: Re: iTunes/Quicktime security flaw
Post by: Zagor on January 14, 2006, 01:48:56 AM
v7.0.4.80

http://www.apple.com/quicktime/download/standalone.html

It's working fine with me.
Title: Re: iTunes/Quicktime security flaw
Post by: FreewheelinFrank on January 14, 2006, 09:51:56 AM
Thanks for that link: I looked for a standalone link for ages, but Apple push the Quicktime/iTunes bundle, which is what you get if you click the button on all the download pages except the one I found. The standalone link on the download page isn't exactly obvious.
Title: Re: iTunes/Quicktime security flaw
Post by: ..::ReVaN::.. on January 14, 2006, 11:38:06 AM
I looked for a standalone link for ages, but Apple push the Quicktime/iTunes bundle

I thought that a standalone quicktime player doesn't even exist just the bundle with itunes(i don't need itunes), so i found this thing called quicktime alternative...Well now i know there is also a standalone quicktime player, thanks guys ;)

http://www.free-codecs.com/download/QuickTime_Alternative.htm


Cheers

Mikey
Title: Re: iTunes/Quicktime security flaw
Post by: Zagor on January 14, 2006, 03:05:48 PM
Thanks for that link: I looked for a standalone link for ages, but Apple push the Quicktime/iTunes bundle, which is what you get if you click the button on all the download pages except the one I found. The standalone link on the download page isn't exactly obvious.

Absolutelly true!! I don't know what game are they playing with that?! I too was downloading the Quicktime/iTunes bundle until I received the notification from the Panda Software Bulletin called "Oxygen3 24h-365d" with that link. After download, just for the fun of it, I tried to find that link logically following the instructions on the Apple site, but again there was no path that could led you to stanalone version???

Maybe the ITunes is not so popular so they are pushing it with this way :)..?
Title: Re: iTunes/Quicktime security flaw
Post by: Zagor on January 14, 2006, 03:21:46 PM
I looked for a standalone link for ages, but Apple push the Quicktime/iTunes bundle

I thought that a standalone quicktime player doesn't even exist just the bundle with itunes(i don't need itunes)

Well you could Install the bundle first, then uninstall iTunes and Quick Time alone will stay on your machine (meaning thet they are not dependent).

For the next info I'm about to post I'm not quite sure that is possible to perform, (because I saw the possibility after installing the bundle) but you can try it. During the bundle install ITunes.exe and QTime.exe are extract & disunited. So before you hit the finish install you can find these two files in folder c:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\, which you can manually extract and then install QTime alone.
This Is not needed now because we wound the stanalone link, but FreewheelinFrank, just check that folder and see.
Title: Re: iTunes/Quicktime security flaw
Post by: FreewheelinFrank on January 14, 2006, 03:22:34 PM
I installed the bundle and then uninstalled iTunes because I didn't want it. After that, I couldn't see my CD/DVD drive any more.  :o

Fortunately, a system restore fixed it, but I'm not touching the Quicktime/iTunes bundle again!
Title: Re: iTunes/Quicktime security flaw
Post by: .: Mac :. on January 16, 2006, 06:27:16 PM
Security flaw was fixed in QT 7.04 and Itunes 6.02