We pulled the trigger deploying Quicktime 7.4 to all users yesterday, so as we’ve grown to expect, Apple releases Quicktime 7.4.1 today. While we knew another update was coming, you just can’t wait forever for a update to post.
The Quicktime download is in the usual location. If you are running iTunes, just grab that update. Apple’s security bulletin is here.
Posts tagged ‘Quicktime’
Quicktime 7.4.1 is Out
JAVA 1.6 Update 4
SANS blogged about the latest JAVA 1.6 Update 4 release back on January12th. Brian Krebs today wrote a piece in his Washington Post blog Security Fix.
I admit it. I have no idea whether or not this update is critical. SANS seemed to say ‘you might want to do this soon.’ Brian said ‘it contains some security fixes. You should update.’ I’m looking around to see how SUN categorizes this fix. Microsoft would be letting me know if its critical or important, if exploits are available and how an attack might occur. Cisco would use the CVSS standard, which is pretty cool. Even after reviewing SUN’s release notes I dont have a clue.
I kind of want to say no news is good news. We need to keep the enterprise wide reboots caused by software updates to a minimum. I just hope I dont open my RSS reader one day and read about a exploit in the wild that would have been patched if I had deployed this. I’ll keep this one on the back burner and deploy it if Adobe, Flash and Quicktime slow their vulnerability circus for a while.
Quicktime 7.4
Quicktime 7.4 is out
For detailed information on the security content of this update, visit http://docs.info.apple.com/article.html?artnum=307301
Quicktime 7.3.1 posted
Quicktime 7.3.1 has been posted to http://www.apple.com/quicktime/download/.
http://www.apple.com/support/downloads/
Another Vulnerability in Quicktime? Oh Come on
US CERT has posted an alert about a zero day vulnerability in Quicktime
US-CERT is aware of a vulnerability in Apple QuickTime that may allow an attacker to execute arbitrary code or cause a denial-of-service condition on an affected system.
Until a security fix becomes available, US-CERT encourages users and administrators to follow the Securing Your Web Browser document to help mitigate the security risk.
That seems about right. I just pushed the last security fix from Quicktime out to the first test group.
Quicktime 7.3
Ugh, another Quicktime update.
Quicktime Update Released
Apple released a Quicktime update tonight bringing us to 7.2.0.245.
Download Link
The patch is issued to resolve “a command injection issue exists in QuickTime’s handling of URLs in the qtnext field in QTL files.”
It would have been nice if they’d updated the file version of quicktimeplayer.exe or updated the version information in add remove programs. Now I have to either talk the SMS guys into adding QuickTime.qts to the software inventory or just go ahead and run this patch one time on anything that has Quicktime 7.2.
Quicktime 7.2 packaging
One of the benefits of frequent Quicktime patching, is that each time I do it becomes easier. The last couple of times, I think I copied the MSI, tested and I was done.
With 7.2, I ran into a bit of a snag. It seems that the first time each user uses the shortcut in the start menu, Quicktime does a brief mini-install. I’m not sure if this is by design or if I’ve done something to set it off. The result of that mini-install is the desktop and quick launch icons are recreated. I see a post from over at appdeploy commenting about this issue as well.
The only way to avoid this that I’ve found is to delete the start menu items for Quicktime and recreate new shortcuts without the MSI baggage.
Got Windows 2000 and want to run Quicktime? tough luck
Through reading comments over at Brian Krebs Security Fix, is found out that Quicktime 7.2 is not supported on Windows 2000. Just to verify that for myself, I tried installing on Windows 2000 and found that only XP and Vista are supported.
Windows 2000 is slowly riding into the sunset, however Microsoft still supplies security patches for the OS. I’m not sure what extra cost Apple would incur by allowing the software on Windows 2000. At this point, I think I have no other choice but to uninstall Quicktime from the remaining Windows 2000 computers.
This is getting ridiculous. Quicktime 7.2 is out.
I’ve lost track of how many times I’ve updated Quicktime this year. Over on zdnet, I believe they said this is the 5th update. I recall at the last update, I questioned whether we really needed this software or not.
Apple Security Bulletin
Multiple arbitrary code execution vulnerabilities.
