Apple QuickTime Update
I’m sure everyone is familiar with the popular media player from Apple called QuickTime, right? The free version of the player can handle any number of audio, as well as, video file types and it is almost a necessity if you like to view media on the Web.
Almost everyone has QuickTime installed on their system, whether they know it or not. Go ahead and take a look in your programs list (Start, All Programs). Sure enough, you’ll probably see it sticking out like a sore thumb right there in the Q section. The fact that the player is so widely installed is the reason why this week’s security alert is so important.
Earlier this week, Apple put out an update for their player that addresses eight unpatched flaws in the program. All eight of these security holes could allow an attacker to breech your security defenses by crashing the player and injecting malicious code. This code will then allow the attacker the ability to take control of the targeted system, doing with it what they may, at that point. The attack is pretty straight forward. The procedure relies on the user opening specially crafted media files that, when opened, cause one of three things: an integer overflow, heap buffer overflow or a stack buffer overflow. All of those will crash the player, allowing the injection of the arbitrary code. This attack is not limited to PC users either. The Mac operating system is subject to the vulnerability as well.
Now that we have all that out of the way, how can you update the version of QuickTime on your machine? Well, there are two ways to update it. You can go to the Apple security and update page and download the update there. This way, you just simply install it, almost as a stand alone application. Or, you can use the update feature within QuickTime’s interface. I just went through them both and I have to confess, I think the way to go is to just download the self-installer and install the update manually. There are a few things to look out for while installing the update and I will highlight these points of interest in the installation guide below.
1.) Download the update from Apple’s site and save the self-installing package some place where you can find it easily, such as on your desktop. You can download the updated version of QuickTime for Windows 2000, XP and Vista here.
There are some checkmarks and options you want to look out for before downloading. For instance, there are two versions of the patch. One comes with iTunes and if you don’t need it, I wouldn’t recommend downloading that version. There is also a spot for your e-mail address and a couple of boxes that are checked off that indicate you would like e-mail sent to you. I also suggest not putting your e-mail address in the provided field and clearing the checkboxes to stop any unwanted junk mail.
2.) Once the download is complete, shut down all your background running programs and double click the QuickTime icon to begin the installation. From here, you basically follow the on-screen instructions and the installation will take care of itself.
3.) After the installation is complete, you can open QuickTime from the Start, All Programs menu and go to Help, About QuickTime. There, you will see the version number in the small pop up window. It should indicate that you now have QuickTime version 7.1.5. If it does, you are successfully updated.
You should be all patched up and protected against the QuickTime vulnerabilities (for now at least). There is one more note that you may want to keep in mind. After the update, QuickTime wants to put an icon down in your toolbar. You can easily remove this by opening QuickTime and changing the option to have the icon visible, if you want.
Until next week, stay safe out there!
~ Chad Stelnicki