Threat Level: green Handler on Duty: Yee Ching Tok

SANS ISC: Apple QuickTime and iTunes continued SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple QuickTime and iTunes continued
Apple seems to hit a rough spot in the road with their latest patches.


Accusations of the software's main new feature calling home with track and artist names of the files you play. Now of course that's needed to show related albums for you to buy, but there are a number of questions remaining open. Till then, perhaps it's better not to have the call home feature if you value privacy or just have too many mp3s ...


I have the original upgrade myself and no problem so far, but aparantly Apple has recalled it. And they also seem to have published it again. Bottom line: I'm confused. Take care with not updating QuickTime to 7.0.4. as it did patch 8 vulnerabilities. Perhaps that silly joke movie can wait a little longer than getting exploited.

Of course if you produce movies quicktime's functionality might be more important than the security of your browser on the Internet and your risks might be different.
  • For general users, I would urge not to downgrade as you'll have the vulnerabilities back. Moreover the problems seem to be not that clear. I'm running the initial Quicktime 7.0.4 uprade and it works just fine.
  • Still the uninstaller is here should you not be able to continue without the old version.
Before some of our readers think I'm bashing Apple: I'm typing this on a Mac, a Mac I like a lot.
Before some think I love Apple for all they do: I don't, but that's another story.

Swa Frantzen

760 Posts
Jan 14th 2006

Sign Up for Free or Log In to start participating in the conversation!