The latest version of Apple's standard media player adds fixes for 11 high-risk security holes

Apr 8, 2008 11:03 GMT

Last week, Apple was announcing... wait, no, Apple barely "announces" its hardware, so updates are out of the question. What I meant to say was that last week, the Cupertino-based corporation responsible for some of the most innovative products out there rolled out three updates. One in particular addresses 11 "high-risk security vulnerabilities," which are only now detailed. Have a look-see.

Updates issued by Apple last week were aimed at iTunes, QuickTime and Front Row, fixing stability issues, resolving security issues and improving compatibility with third-party apps.

Recently updated to version 7.4.5, QuickTime adds patches for some 11 "high-risk security vulnerabilities," which are only now detailed. According to the aforementioned source, the XPMs (exploit prevention mechanisms) are part of the newly updated Windows and Mac OS X versions of QuickTime, which address as many as nine of the respective security issues.

"Apple is quietly adding several key anti-hacker security features into its flagship QuickTime media player as part of a deliberate plan to reduce the effectiveness of malicious exploits," eWeek writes.

As many as five of the remote code execution flaws could potentially be exploited by hackers via the use of malicious movie files, other sources inform. Mac users are as vulnerable as Windows users, as long as they keep running older versions of QuickTime, Apple says.

The Windows Vista version of QuickTime, in particular, includes ASLR (address space layout randomization). The technology "randomly arranges the positions of key data areas" to prevent malicious code execution on targeted systems, sources familiar with Apple's moves say.

"There have been umpteen QuickTime vulnerabilities discovered in the last few months, and the danger is that hackers will exploit them by fooling computer users into clicking on a link to a movie," said Graham Cluley, senior technology consultant for Sophos. "Historically, Windows lovers have been more at threat from QuickTime vulnerabilities than Mac fans, but it would be sensible for people on either side of the OS divide to make sure their systems are properly secured and patched," Cluley concluded.

Be sure to update to the latest version of Apple's QuickTime player as soon as you get the chance. Here, why don't you just do it right now so you're out of harm's way.