Great – hot on the heels of a WMF vulnerability (“why does Microsoft keep having buffer overflows when the rest of the industry doesn’t?”), we get a TGA/TIFF/QTIF/GIF/media-file overflow vulnerability in QuickTime – the warning seems almost designed to get lost in the noise surrounding Microsoft’s regular updates – but that would be a cynical view.
When I visited the page referenced above, which is at Apple’s own site, I could not find a link to the patch, or to download the current version of QuickTime for Windows. I’ve been doing this “computer thing” for a couple of decades now, and so has my cube-neighbour, who went looking for it as well, without success. [Hopefully Apple will read this, and edit the page so that by the time you read this, the link is prominent and obvious, but if you can’t find it, read on…]
You can find the current version of QuickTime for Windows at http://www.apple.com/quicktime/download/win.html
Finally, yes, the version of QuickTime at the Apple download link is 7.0.4, which is supposed to include the patches against remote exploit through image vulnerabilities.
The main thrust of this rant has been that this is really not so useful in terms of a security update – but there’s a subtle theme throughout – in order to get a tool that I want, I have to install and then remove a tool that I don’t want. Bundling is a fine tradition – and if Apple were to bundle QuickTime and iTunes such that iTunes was required, I’d simply refuse to watch .mov files. But this method of bundling – requiring that it be installed, but allowing uninstallation afterwards – seems to be more like punishing people who want to view QuickTime format movies.