MacOS X Flaw: Severe Quicktime Vulnerability

Discussion in 'macOS' started by gloss, Jan 2, 2007.

  1. gloss macrumors 601

    gloss

    Joined:
    May 9, 2006
    Location:
    around/about
  2. atari1356 macrumors 68000

    atari1356

    Joined:
    Feb 27, 2004
    #2
    Wow... hope Apple can patch that one up quickly! :(
     
  3. lamina macrumors 68000

    lamina

    Joined:
    Mar 9, 2006
    Location:
    From Canada, living in Seoul
    #3
    Ohhhh scary... a super-long QuickTime file name creating a buffer overflow.

    Apple will have this patched in no time.

    Month of Apple Bugs
     
  4. bousozoku Moderator emeritus

    Joined:
    Jun 25, 2002
    Location:
    Gone but not forgotten.
    #4
    This will prove an interesting month.

    Time to see if Apple are actually awake.
     
  5. aristobrat macrumors G4

    Joined:
    Oct 14, 2005
    #5
    Not that it matters (it needs to get patched), but isn't this a QuickTime flaw and not an OS X operating system flaw?
     
  6. iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #6
    QuickTime comes with every Mac and a heck of a lot of basic functionality relies on it, so I'm not sure it's useful to view at it as a separate piece of software.
     
  7. 840quadra Moderator

    840quadra

    Staff Member

    Joined:
    Feb 1, 2005
    Location:
    Twin Cities Minnesota
    #7
    Wow, didn't do anything on my system besides display a bunch of garbage on my screen..

    However I have disabled auto play of quicktime movies on web pages. An old habit from my Windows days.
     
  8. aristobrat macrumors G4

    Joined:
    Oct 14, 2005
    #8
    Yeah, I guess. It's just semantics. :D
     
  9. Lixivial macrumors 6502a

    Lixivial

    Joined:
    Jan 13, 2005
    Location:
    Between cats, dogs and wanderlust.
    #9
    Well, I appreciate their enthusiasm for finding Apple bugs, but I do take offense to the fact that they release them in the wild before releasing them to Apple. At the very least publish the details and release the working exploits at the end of January or something. Then again to these guys, anyone who disagrees "needs to call a hotline", and would "wear pink pants if Steve Jobs did." And apparently "Johnny Pwnerseed" is a cool psuedonym.

    I don't like this needless posturing at the expense of innocent users.
     
  10. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #10
    QuickTime is not an application. It is the set of multimedia APIs in MacOS 9/MacOS X. To the extent that QuickTime has been ported to Windows, a substantial portion of MacOS X has been ported to Windows. Having said that, it is also important to understand that the reported exploit works only on Intel-based computers--either Windows or MacOS X. It does not work on PPC-based Macs. Another thing to remember is that this is not our first rodeo. With great fanfare in the past, we have heard reports of MacOS X exploits only to have those exploits come to naught. So far, we have only the exploit's author's word for it that a real exploit has been found. Forgive me if I wait for independent verification.
     
  11. bousozoku Moderator emeritus

    Joined:
    Jun 25, 2002
    Location:
    Gone but not forgotten.
    #11
    You wouldn't consider OpenGL or Quartz separate, would you? They're promoted similarly by Apple, as parts of Mac OS X.
     
  12. Diatribe macrumors 601

    Diatribe

    Joined:
    Jan 8, 2004
    Location:
    Back in the motherland
    #12
    Now let's say they find one of those every day. Would you expect Apple to offer a Security Update every day?
     
  13. aristobrat macrumors G4

    Joined:
    Oct 14, 2005
    #13
    Until I read MisterMe's reply, I didn't understand that the term "QuickTime" stood for a bunch of APIs in the OS. I guess I was thinking that it was "QuickTime Player" that had the issue. Since I've seen that get updated independently of Apple 10.4.whathaveyou and security updates, I didn't consider it part of the OS. :eek:
     
  14. bousozoku Moderator emeritus

    Joined:
    Jun 25, 2002
    Location:
    Gone but not forgotten.
    #14
    Apple changed a lot since Mac OS X.

    I remember installing games which also had a separate QuickTime installer back in version 2.x days, so that the games would run. There weren't other choices way back when. Every application did its own thing.

    It's possible that the system would run without QuickTime but I'm not sure whether alert sounds or visual effects would actually work. On the other hand, the visual interface on newer machines would not work without OpenGL or Quartz.
     
  15. Fillado macrumors member

    Joined:
    Jul 23, 2006
    #15
    I doubt that was aimed at most Mac users, only the ones who see themselves as high-and-mighty because they use a Mac, emailing the guy death threats and attempting several DoS attacks on his server.
     
  16. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #16
    Huh!
    QuickTime has always been an System add-on--an INIT in System 6 parlance or Extension in System 7-9 parlance. It was with QuickTime 3.0 that QT began to take the shape of an essential System component.
    You can run Darwin, but you cannot run MacOS X without QuickTime.
     

Share This Page