Author Topic: iTunes/Quicktime security flaw  (Read 3562 times)

0 Members and 1 Guest are viewing this topic.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
iTunes/Quicktime security flaw
« on: December 23, 2005, 10:09:07 PM »
Quote
Don't open media files from sources you don't trust--it may lead to your computer being hacked, a security researcher has warned.

Tom Ferris, an independent security researcher, has provided more details on a security flaw in Apple Computer's popular iTunes and QuickTime software that could put systems running Windows and Mac OS X at risk of attack.

http://news.com.com/iTunes+and+QuickTime+flaw+detailed/2100-1002_3-6004635.html?tag=cd.lede
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: iTunes/Quicktime security flaw
« Reply #1 on: January 13, 2006, 09:06:02 PM »
Quote
QuickTime patch hits trouble

http://news.com.com/QuickTime+patch+hits+trouble/2100-1002_3-6026745.html?tag=cd.lede

The stand-alone Quicktime player is still at 7.0.2:

http://www.apple.com/support/
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline Zagor

  • Sr. Member
  • ****
  • Posts: 300
  • Well, this should be good!
    • Maybe ? Design
Re: iTunes/Quicktime security flaw
« Reply #2 on: January 14, 2006, 01:48:56 AM »
Zone Alarm Free         Bit Defender Free      Ad Aware Se Personal
avast!Professional      Ewido S Suite Plus      Microsoft AntiSpyware
Sys Safety Monitor       aSquared Free         Spybot Search&Destroy
Rootkit Revealer                                       Spyware Blaster

Tbird+Firefox2.0 (NoScript+AdBlockPlus+Dr.WebPreLinkScan)+ Win

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: iTunes/Quicktime security flaw
« Reply #3 on: January 14, 2006, 09:51:56 AM »
Thanks for that link: I looked for a standalone link for ages, but Apple push the Quicktime/iTunes bundle, which is what you get if you click the button on all the download pages except the one I found. The standalone link on the download page isn't exactly obvious.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

..::ReVaN::..

  • Guest
Re: iTunes/Quicktime security flaw
« Reply #4 on: January 14, 2006, 11:38:06 AM »
I looked for a standalone link for ages, but Apple push the Quicktime/iTunes bundle

I thought that a standalone quicktime player doesn't even exist just the bundle with itunes(i don't need itunes), so i found this thing called quicktime alternative...Well now i know there is also a standalone quicktime player, thanks guys ;)

http://www.free-codecs.com/download/QuickTime_Alternative.htm


Cheers

Mikey

Offline Zagor

  • Sr. Member
  • ****
  • Posts: 300
  • Well, this should be good!
    • Maybe ? Design
Re: iTunes/Quicktime security flaw
« Reply #5 on: January 14, 2006, 03:05:48 PM »
Thanks for that link: I looked for a standalone link for ages, but Apple push the Quicktime/iTunes bundle, which is what you get if you click the button on all the download pages except the one I found. The standalone link on the download page isn't exactly obvious.

Absolutelly true!! I don't know what game are they playing with that?! I too was downloading the Quicktime/iTunes bundle until I received the notification from the Panda Software Bulletin called "Oxygen3 24h-365d" with that link. After download, just for the fun of it, I tried to find that link logically following the instructions on the Apple site, but again there was no path that could led you to stanalone version???

Maybe the ITunes is not so popular so they are pushing it with this way :)..?
Zone Alarm Free         Bit Defender Free      Ad Aware Se Personal
avast!Professional      Ewido S Suite Plus      Microsoft AntiSpyware
Sys Safety Monitor       aSquared Free         Spybot Search&Destroy
Rootkit Revealer                                       Spyware Blaster

Tbird+Firefox2.0 (NoScript+AdBlockPlus+Dr.WebPreLinkScan)+ Win

Offline Zagor

  • Sr. Member
  • ****
  • Posts: 300
  • Well, this should be good!
    • Maybe ? Design
Re: iTunes/Quicktime security flaw
« Reply #6 on: January 14, 2006, 03:21:46 PM »
I looked for a standalone link for ages, but Apple push the Quicktime/iTunes bundle

I thought that a standalone quicktime player doesn't even exist just the bundle with itunes(i don't need itunes)

Well you could Install the bundle first, then uninstall iTunes and Quick Time alone will stay on your machine (meaning thet they are not dependent).

For the next info I'm about to post I'm not quite sure that is possible to perform, (because I saw the possibility after installing the bundle) but you can try it. During the bundle install ITunes.exe and QTime.exe are extract & disunited. So before you hit the finish install you can find these two files in folder c:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\, which you can manually extract and then install QTime alone.
This Is not needed now because we wound the stanalone link, but FreewheelinFrank, just check that folder and see.
Zone Alarm Free         Bit Defender Free      Ad Aware Se Personal
avast!Professional      Ewido S Suite Plus      Microsoft AntiSpyware
Sys Safety Monitor       aSquared Free         Spybot Search&Destroy
Rootkit Revealer                                       Spyware Blaster

Tbird+Firefox2.0 (NoScript+AdBlockPlus+Dr.WebPreLinkScan)+ Win

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: iTunes/Quicktime security flaw
« Reply #7 on: January 14, 2006, 03:22:34 PM »
I installed the bundle and then uninstalled iTunes because I didn't want it. After that, I couldn't see my CD/DVD drive any more.  :o

Fortunately, a system restore fixed it, but I'm not touching the Quicktime/iTunes bundle again!
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline .: Mac :.

  • Avast √úberevangelist
  • Ultra Poster
  • *****
  • Posts: 5088
Re: iTunes/Quicktime security flaw
« Reply #8 on: January 16, 2006, 06:27:16 PM »
Security flaw was fixed in QT 7.04 and Itunes 6.02
"People who are really serious about software should make their own hardware." - Alan Kay