Apple still offering Windows users flawed Quicktime version

By

This week Apple released a security update for a Quicktime vulnerability that was disclosed on the first of the month, but researchers with Secunia reported on Thursday that Windows users who download the latest version of the software are still vulnerable.


According to Secunia, there is no way for Windows users to download a non-vulnerable version of the program.

"Rather than supplying the correct fixed version for download, Apple still provides the old vulnerable version," wrote Thomas Kristensen, chief technical officer at Secunia, in the company blog.

"To get the actual security upgrade, users have to go through a rigorous update process, which is entirely different from the download process.

To make matters worse, the update process isn't documented anywhere, so users may not even know where to begin."

Kristensen said Secunia was made aware of the problem by an “enormous” amount of feedback from users of the company’s free Secunia Software Inspector.

Users were complaining that after downloading the latest version of Quicktime the inspector was still returning results that claimed the program was vulnerable.

Users thought Secunia’s tool was broken, but after a quick download of the latest version of Quicktime, Secunia researchers were able to exploit it.

They highly recommend Windows Quicktime users run the Apple Software Update application that is bundled with Quicktime and install the available update called “Security Update 2007-1.”
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
appleflawedofferingquicktimesecuritystillusersversionwindows

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?