It comes from Apple instead

May 21, 2007 07:52 GMT

The biggest threat to users' computers is not Microsoft's Internet Explorer, not by a long way. Instead, a product from Apple presents the highest risk of serving as a successful attack vector. When it comes to security risk, Apple's QuickTime media player outranks not only Internet Explorer, a browser synonymous with lack of security as far as customer perception is concerned, but also Mozilla's open source browser Firefox.

QuickTime is joined on the black list by AOL's Winamp media player, which also poses great risks to users. Jakob Balle, Secunia IT Development Manager, revealed that "26.96% of all WinAMP 5 installations miss important security updates and 33.14% of all QuickTime 7 installations are outdated." Secunia mentioned that, in fact, customers are also at fault for the exposure inherent in the two applications.

Only 5.19% of all Firefox 2 installations scanned did not have all the security patches installed, and just 11.96% of all Opera 9.x installations were missing updates. With 9.61% of IE6 users and 5.4% of IE7 users not having deployed their security bulletins, QuickTime provides an attack window three times bigger than IE6 and six times larger than Firefox 2.0 and IE7.

"Most people using Windows and Microsoft products are usually aware of the monthly 'Patch Tuesday' routine that Microsoft has set up, which can explain why the patch level for MS products is relatively high. These numbers also indicate that many people using Firefox and Opera are concerned about security and remember to keep their products updated. But when it comes to other applications that don't immediately seem that exposed, people tend to wait for an extended period of time before patching," Balle explained.

Secunia has warned of the danger, which stems not only from the ubiquity of both QuickTime and WinAMP but also from the fact that users generally trust .mpg, .jpg, .mov, or .mp3 files, although such files could carry attacks exploiting unpatched flaws in the two applications.