Apple issues major patch updates for QuickTime, iPod touch

Also fixes flaws in iTunes and Bonjour, patches iPod DNS bug

Apple Tuesday patched 20 security vulnerabilities in its QuickTime media player, iTunes music store client, iPod touch device and Bonjour network software. More than half of the bugs could let hackers hijack computers or the iPod.

In four separate security updates, Apple fixed nine flaws in QuickTime, seven in the iPod touch's software and two each in iTunes and Bonjour for Windows.

Danish vulnerability tracker Secunia rated the QuickTime and iPod touch bugs as "highly critical," its second-highest threat ranking. The company pegged the Bonjour and iTunes flaws as "less critical," the second-lowest ranking.

Tuesday's update to QuickTime 7.5.5 was Apple's fifth this year for the problem-plagued media player. Apple has plugged a total of 30 holes in the program in 2008, most recently in early June.

Five of the nine vulnerabilities affect both the Mac and Windows versions, while four affect only QuickTime for Windows XP and Vista. Apple described eight of the bugs as allowing "arbitrary code execution," a phrase it uses to describe its most serious threats. Unlike vendors such as Microsoft and Oracle, Apple doesn't rank the bugs it fixes with a scoring or labeling system.

The patches address vulnerabilities in how QuickTime parses PICT images, QTVR (QuickTime Virtual Reality) files, QuickTime movies, H.264-encoded movies and Indeo-encoded video, according to Apple's accompanying advisory. Similar flaws were also patched in June, when Apple quashed different bugs in PICT parsing and Indeo video handling.

A majority of the vulnerabilities were reported to Apple via bug bounty programs run by 3Com's TippingPoint and VeriSign's iDefense research arms.

Of the flaws fixed in the iPod touch, Bonjour for Windows and iTunes, the most serious were patches for the iPod's open-source FreeType font engine and its Safari Web browser. The four vulnerabilities in those two programs, said Apple, could be used by attackers to introduce rogue code, and possibly compromise the device. The iPod touch, which was revamped just yesterday, is an iPhone lookalike that can connect to the Internet via Wi-Fi.


Gregg Keizer

Computerworld