Rubiconic Crossings
17-12-2007, 20:27
http://www.theregister.co.uk/2007/12/15/apple_security_fixes/
Apple keeps critical security fixes to itself
Insecurity through obscurity
By Dan Goodin in San Francisco → More by this author
Published Saturday 15th December 2007 01:33 GMT
Find out how your peers are dealing with Virtualization
Apple has released updates for two widely distributed products that harbored a raft of security vulnerabilities, some of which were actively being exploited by miscreants. Unbelievably, the company isn't presenting either as a security fix to mainstream users despite the risk the bugs pose for its millions of users.
QuickTime 7.3.1 fixes at least three vulnerabilities. The most serious of them resided in the way QuickTime interacts with servers that stream music and video and gave miscreants the ability to completely hijack both PCs and Macs alike. According to Symantec criminals have been exploiting it for two weeks now by luring victims to booby-trapped websites.
The update, which was released Thursday, plugs two other holes, both of which give an attacker the ability to execute malicious code on vulnerable machines.
....
There are a fair few links in the article so its best to go there...and there is more to the article.
As usual Apple shows the same regard for security issues as Microsoft does. It is a shame that the warning on the Quicktime update did not state explicitly that the application was fundamentally unsecured.
Not a good move by Apple.
Apple keeps critical security fixes to itself
Insecurity through obscurity
By Dan Goodin in San Francisco → More by this author
Published Saturday 15th December 2007 01:33 GMT
Find out how your peers are dealing with Virtualization
Apple has released updates for two widely distributed products that harbored a raft of security vulnerabilities, some of which were actively being exploited by miscreants. Unbelievably, the company isn't presenting either as a security fix to mainstream users despite the risk the bugs pose for its millions of users.
QuickTime 7.3.1 fixes at least three vulnerabilities. The most serious of them resided in the way QuickTime interacts with servers that stream music and video and gave miscreants the ability to completely hijack both PCs and Macs alike. According to Symantec criminals have been exploiting it for two weeks now by luring victims to booby-trapped websites.
The update, which was released Thursday, plugs two other holes, both of which give an attacker the ability to execute malicious code on vulnerable machines.
....
There are a fair few links in the article so its best to go there...and there is more to the article.
As usual Apple shows the same regard for security issues as Microsoft does. It is a shame that the warning on the Quicktime update did not state explicitly that the application was fundamentally unsecured.
Not a good move by Apple.