Via ZDNet (http://blogs.zdnet.com/Ou/?m=200701).

Looks nasty.

Wow... hope Apple can patch that one up quickly! :(

Ohhhh scary... a super-long QuickTime file name creating a buffer overflow.

Apple will have this patched in no time.

Month of Apple Bugs (http://projects.info-pull.com/moab/)

This will prove an interesting month.

Time to see if Apple are actually awake.

Not that it matters (it needs to get patched), but isn't this a QuickTime flaw and not an OS X operating system flaw?

Not that it matters (it needs to get patched), but isn't this a QuickTime flaw and not an OS X operating system flaw?
QuickTime comes with every Mac and a heck of a lot of basic functionality relies on it, so I'm not sure it's useful to view at it as a separate piece of software.

Wow, didn't do anything on my system besides display a bunch of garbage on my screen..

However I have disabled auto play of quicktime movies on web pages. An old habit from my Windows days.

QuickTime comes with every Mac and a heck of a lot of basic functionality relies on it, so I'm not sure it's useful to view at it as a separate piece of software.
Yeah, I guess. It's just semantics. :D

Well, I appreciate their enthusiasm for finding Apple bugs, but I do take offense to the fact that they release them in the wild before releasing them to Apple. At the very least publish the details and release the working exploits at the end of January or something. Then again to these guys, anyone who disagrees "needs to call a hotline", and would "wear pink pants if Steve Jobs did." And apparently "Johnny Pwnerseed" is a cool psuedonym.

I don't like this needless posturing at the expense of innocent users.

Not that it matters (it needs to get patched), but isn't this a QuickTime flaw and not an OS X operating system flaw?QuickTime is not an application. It is the set of multimedia APIs in MacOS 9/MacOS X. To the extent that QuickTime has been ported to Windows, a substantial portion of MacOS X has been ported to Windows. Having said that, it is also important to understand that the reported exploit works only on Intel-based computers--either Windows or MacOS X. It does not work on PPC-based Macs. Another thing to remember is that this is not our first rodeo. With great fanfare in the past, we have heard reports of MacOS X exploits only to have those exploits come to naught. So far, we have only the exploit's author's word for it that a real exploit has been found. Forgive me if I wait for independent verification.

Yeah, I guess. It's just semantics. :D

You wouldn't consider OpenGL or Quartz separate, would you? They're promoted similarly by Apple, as parts of Mac OS X.

Now let's say they find one of those every day. Would you expect Apple to offer a Security Update every day?

You wouldn't consider OpenGL or Quartz separate, would you? They're promoted similarly by Apple, as parts of Mac OS X.
Until I read MisterMe's reply, I didn't understand that the term "QuickTime" stood for a bunch of APIs in the OS. I guess I was thinking that it was "QuickTime Player" that had the issue. Since I've seen that get updated independently of Apple 10.4.whathaveyou and security updates, I didn't consider it part of the OS. :o

Until I read MisterMe's reply, I didn't understand that the term "QuickTime" stood for a bunch of APIs in the OS. I guess I was thinking that it was "QuickTime Player" that had the issue. Since I've seen that get updated independently of Apple 10.4.whathaveyou and security updates, I didn't consider it part of the OS. :o

Apple changed a lot since Mac OS X.

I remember installing games which also had a separate QuickTime installer back in version 2.x days, so that the games would run. There weren't other choices way back when. Every application did its own thing.

It's possible that the system would run without QuickTime but I'm not sure whether alert sounds or visual effects would actually work. On the other hand, the visual interface on newer machines would not work without OpenGL or Quartz.

Well, I appreciate their enthusiasm for finding Apple bugs, but I do take offense to the fact that they release them in the wild before releasing them to Apple. At the very least publish the details and release the working exploits at the end of January or something. Then again to these guys, anyone who disagrees "needs to call a hotline", and would "wear pink pants if Steve Jobs did." And apparently "Johnny Pwnerseed" is a cool psuedonym.

I don't like this needless posturing at the expense of innocent users.

I doubt that was aimed at most Mac users, only the ones who see themselves as high-and-mighty because they use a Mac, emailing the guy death threats and attempting several DoS attacks on his server.

Apple changed a lot since Mac OS X.Huh!
I remember installing games which also had a separate QuickTime installer back in version 2.x days, so that the games would run. There weren't other choices way back when. Every application did its own thing.QuickTime has always been an System add-on--an INIT in System 6 parlance or Extension in System 7-9 parlance. It was with QuickTime 3.0 that QT began to take the shape of an essential System component.
It's possible that the system would run without QuickTime but I'm not sure whether alert sounds or visual effects would actually work. On the other hand, the visual interface on newer machines would not work without OpenGL or Quartz.You can run Darwin, but you cannot run MacOS X without QuickTime.