iTunes/Quicktime security flaw

Don't open media files from sources you don't trust--it may lead to your computer being hacked, a security researcher has warned.

Tom Ferris, an independent security researcher, has provided more details on a security flaw in Apple Computer’s popular iTunes and QuickTime software that could put systems running Windows and Mac OS X at risk of attack.

http://news.com.com/iTunes+and+QuickTime+flaw+detailed/2100-1002_3-6004635.html?tag=cd.lede

QuickTime patch hits trouble

http://news.com.com/QuickTime+patch+hits+trouble/2100-1002_3-6026745.html?tag=cd.lede

The stand-alone Quicktime player is still at 7.0.2:

http://www.apple.com/support/

v7.0.4.80

http://www.apple.com/quicktime/download/standalone.html

It’s working fine with me.

Thanks for that link: I looked for a standalone link for ages, but Apple push the Quicktime/iTunes bundle, which is what you get if you click the button on all the download pages except the one I found. The standalone link on the download page isn’t exactly obvious.

I thought that a standalone quicktime player doesn’t even exist just the bundle with itunes(i don’t need itunes), so i found this thing called quicktime alternative…Well now i know there is also a standalone quicktime player, thanks guys :wink:

http://www.free-codecs.com/download/QuickTime_Alternative.htm

Cheers

Mikey

Absolutelly true!! I don’t know what game are they playing with that?! I too was downloading the Quicktime/iTunes bundle until I received the notification from the Panda Software Bulletin called “Oxygen3 24h-365d” with that link. After download, just for the fun of it, I tried to find that link logically following the instructions on the Apple site, but again there was no path that could led you to stanalone version???

Maybe the ITunes is not so popular so they are pushing it with this way :)…?

Well you could Install the bundle first, then uninstall iTunes and Quick Time alone will stay on your machine (meaning thet they are not dependent).

For the next info I’m about to post I’m not quite sure that is possible to perform, (because I saw the possibility after installing the bundle) but you can try it. During the bundle install ITunes.exe and QTime.exe are extract & disunited. So before you hit the finish install you can find these two files in folder c:\WINDOWS\Downloaded Installations{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}, which you can manually extract and then install QTime alone.
This Is not needed now because we wound the stanalone link, but FreewheelinFrank, just check that folder and see.

I installed the bundle and then uninstalled iTunes because I didn’t want it. After that, I couldn’t see my CD/DVD drive any more. :o

Fortunately, a system restore fixed it, but I’m not touching the Quicktime/iTunes bundle again!

Security flaw was fixed in QT 7.04 and Itunes 6.02