Today on Blogcritics

Apple QuickTime Wins Bug of the Month


Every month the BugBlog picks its Bug of the Month, representing the most significant bug found in the past month. Sometimes, the bug will be the one which could potentially cause the most damage; sometimes it will be the bug which affects the most users. And sometimes, it will be the bug that is just the most interesting bug. This bug will be selected either from the free Bug of the Day, or from the subscription-only BugBlog Plus.

The BugBlog Bug of the Month appeared on 1/11/2006.

A bug in Apple QuickTime, on both Mac OS X 10.3.9 or later and Windows 2000/XP, may allow an attacker to run hostile code on your computer. The attack comes via a QTIF image with hidden hostile content that can generate a heap buffer overflow. This has been patched in QuickTime 7.0.4, which you can get via Apple’s Software Update or from their support site. Apple credits Varun Uppal for finding this bug.

Why this bug? Actually, this bug affected more than just QTIF images; it also posed a threat with JPEG, TGA, TIFF, and GIF images. It also came right on the heels of Microsoft’s security problems with WMF files, and showed that Apple users couldn’t be too smug.

To top it off, by 1/14 reports were circulating that the upgrade itself had some problems.

Many people who have installed the Apple QuickTime 7.0.4 update are complaining about the problems they are having with it. You can see two extended discussions of this here and here. Apple has posted a QuickTime 7.0.1 reinstaller if you want to remove the update. It can be downloaded here. The reason for the update in the first place was to patch numerous security bugs that may allow hostile content to come in via graphics files. There seem to be more complaints about QuickTime for Mac than QuickTime for Windows — but that may be because Mac users are more likely to go to the Apple Forums.

In fact, it is now February, and if you go to the Apple Support page and look at their listing of the Top Downloads, you will see that the 7.0.1 Reinstaller makes the list, but not the upgrade.


About Bruce Kratofil

  • http://www.nul.bz Slobec

    Wow, they found a bug in an old version of QuickTime running on an obsolete version of OS X. Yawn. That may win the “Most Irrelevant Bug of the Month.” Apple owners aren’t smug, just confident in the quality of the products they own. And for good reason. Apple is certainly not irreproachable, but generally they do alright for their customers. It is evidenced in this article when it is mentioned that by the time of the writing of the article, the bug had LONG been patched. If you’re looking for chinks in Apple’s armor to attack, you’ll find them, no doubt. This, however, isn’t one of them.

  • http://www.bjkresearch.com/bugblog Bruce Kratofil

    As the item says, it is for Mac OS X 10.3.9 and later — which means it is not an obsolete version, but up to and including the current version of OS X, as well as the up-to-date Windows version.

    And it is for the current version of QuickTime, which is indeed 7.0.4. Given the problems, Apple is offering the rollback to 7.0.1.

  • Darian

    Haha… pwned.