Ham Radio Forum

A serious security vulnerability has been discovered in QuickTime on both Windows and Mac operating systems. The vulnerability lets remote attackers execute arbitrary program code that can do almost anything to a computer.

QuickTime is used by many websites to stream audio or video (it is not used by the S-Meter site). It is used by iTunes. It is used by other programs. Most computers have QuickTime installed. It probably is installed on your computer even if you are not aware of it. Your computer can be seriously damaged by merely visiting a specially crafted website or by merely opening a specially crafted e-mail if QuickTime is installed.

There is no currently-known way to fix the vulnerability in QuickTime. The only currently-known solution is to disable it so it can't damage your computer.

The U.S. Computer Emergency Readiness Team (US-CERT) has issued a National Cyber Alert System warning about this vulnerability here:

http://www.us-cert.gov/cas/techalerts/TA07-005A.html

They also have posted workarounds to disable QuickTime so it can't damage a computer here:

http://www.kb.cert.org/vuls/id/442497

-Bob

The article linked to below explains how easy it is for anyone with just a little computer knowledge to exploit that QuickTime security vulnerability and remotely access a computer.

http://projects.info-pull.com/moab/MOAB-01-01-2007.html

Both Microsoft Windows and Apple Mac OS X versions of QuickTime have the flaw. You should immediately disable QuickTime if you haven't done so already. If you don't your computer will be openly available to anyone on the Internet who wants to use or destroy it.

That Apple program flaw was exposed by a group that promises to expose one serious Mac OS X or Apple application security vulnerability a day throughout the month of January.

Cohens

There is another reason to uninstall QuickTime. Two days later the same group posted an article about an Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability that affects both Windows and Mac users. See:

http://projects.info-pull.com/moab/MOAB-03-01-2007.html

Apple has been very slow correcting serious security problems like these in the past, so don't expect fixes anytime soon. In contrast, the same group that found the QuickTime problems disclosed a security vulnerability in VLC Media Player on January 2nd and the open source developers of that player posted a patch to correct the problem on January 4th.

Incidentally, VLC Media Player supports and converts between an extraordinarily wide range of media file types and it runs on all the commonly used operating systems; Windows, Linux, Mac, etc. I highly recommend it to anyone looking for a good player.

http://www.videolan.org/vlc/