Steve Jobs really cares about your computers’ Security – like NOT

Run the Secunia inspection tool and you find that Steve Jobs doesn’t care about the security on your system because he doesn’t make it easy AT ALL to patch for a security issue with Quicktime… 


This installation of Apple QuickTime 7.x is insecure and potentially exposes your system to security threats!

The detected version installed on your system is 7.1.3.130, however, the latest secure version released by the vendor, fixing one or more vulnerabilities, is 7.1.3.191.

Update Instructions:
Update to version 7.1.3.191 or later.

Currently, it is NOT possible to download a secure installation from the Apple.com download page. Therefore, in order to secure your installation you need to take the following steps:

Step 1)
Run the “Apple Software Update” application.

This application is normally installed together with Quicktime, if this is not the case, you will need to re-install Quicktime by downloading it from Apple.com again.

Step 2)
Select and install the available update called “Security Update 2007-1”.

If your “Apple Software Update” application is not up-to-date, then you will be asked to update this first.

Vulnerabilities Fixed:
Read about the vulnerabilities fixed with this update in Secunia advisory SA23540. The Secunia advisory describes the vulnerabilities fixed by the latest security update. If your installation is outdated with more than one version, then more vulnerabilities may be covered.


Yes boys and girls… there’s an easy to get downloadable version for Mac machines… but for Windows… you need to install the insecure 7.1.3 and then go through the program’s Software Update tool to get the fixed bits.  You cannot install directly a patched and fixed Quicktime version.


The only way I was able to get patched was to uninstall the Quicktime I had to reinstall with the software updater. When I went to install the 7.1.3 from the Apple web site, it said I had a newer version, yet Secunia indicated I was insecure. Launching Quicktime and having it look for updates inside the program itself indicated that it was up to date.  Secunia was the only one insisting that I wasn’t up to date and in fact still had vulnerable parts on my machine. Again, the ONLY way I was able to get Quicktime patched was to uninstall it completely, install a vulnerable version and THEN update it by launching the separate software updater tool.



Look for that Icon in your program listing and ensure you launch that to install the update.
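The two versions in the Secunia report, 7.1.3.130 and 7.1.3.191, differ only in the fourth field, so a check that looks at just the first three fields cannot tell the vulnerable build from the fixed one. The following is an added example (not from the original post or from Secunia) that audits an inventory against the fixed build; the hostnames and inventory rows are constructed sample data.

```python
# Added example: flag QuickTime installs older than the fixed build named in
# the Secunia report quoted above. Inventory rows are constructed sample data.
from itertools import zip_longest

FIXED_BUILD = "7.1.3.191"  # latest secure version per the Secunia report on this page


def parse_version(text):
    """Turn '7.1.3.130' into (7, 1, 3, 130); reject anything non-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def compare(a, b, fields=None):
    """Return -1/0/1 comparing dotted versions field by field, numerically.

    Missing trailing fields count as 0, so '7.1.3' equals '7.1.3.0'.
    fields=3 reproduces a check that ignores the build number.
    """
    pa, pb = parse_version(a)[:fields], parse_version(b)[:fields]
    for x, y in zip_longest(pa, pb, fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0


def audit(inventory, fixed=FIXED_BUILD):
    """Return [(host, version, reason)] for hosts that still need the update."""
    findings = []
    for host, version in inventory:
        try:
            if compare(version, fixed) < 0:
                findings.append((host, version, "below fixed build"))
        except ValueError:
            # Unknown is not the same as patched: surface it for manual review.
            findings.append((host, version, "version unreadable"))
    return findings


# Constructed inventory; hostnames are hypothetical.
SAMPLE = [("ws-01", "7.1.3.130"), ("ws-02", "7.1.3.191"),
          ("ws-03", "7.1.3"), ("ws-04", "7.0.4"), ("ws-05", "unknown")]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

A machine that reports only "7.1.3" is treated as below the fixed build, since the missing build number cannot prove the update was applied.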


From the Apple bug project… The only potential workaround would be to disable the rtsp:// URL handler, uninstalling Quicktime or simply live with the feeling of being a potential target for pwnage


Unbelievable…. nice one Mr. Jobs…thanks for caring so much for my security…


P.S. … okay okay yeah… I know that the headline is a cheap shot… and I’m sorry about that but come on…. the way one has to get patched for this is unreal… the updater program is just “out there” on the menu bar.  If you are an admin you have to follow Eric Schultz’s hackup way to get the patch as he discussed on www.patchmanagement.org, if you are a normal end user who opted to not install the updater program, you won’t get patched and it then requires admin rights….I don’t know which is worse… Microsoft’s patch SVCHOST.exe issues or Apple’s requiring us to go through hoops for this one….obviously having an unpatched vulnerability still on your machine that can be nailed “from remote” is a lot worse than CPU issues that do have patches and workarounds.

5 Thoughts on “Steve Jobs really cares about your computers’ Security – like NOT”

  1. Being a tri-OS user and a skeptic, I found this hard to believe… so I had to test it for myself…I even checked the Apple Support Downloads page… Even the Methods Described by Secunia (after reinstalling QuickTime) were unavailable to me..

    As a result I have contacted quicktime support and Apple PR to inquire about this issue.

  2. This drives me crazy as well. I specifically didn’t install the update software because I like to control when I update my end-users.

  3. libertyrd on January 30, 2007 at 11:13 am said:

    I can take the MS koolaid, tats, underwear and whatever other ‘religious’ symbols are required for such devotion to Redmond…I can take the fractured syntax…I can (barely) take all the QuickBooks posts. But the feeble Zune vs. iPod show, and now this horrible (HORRIBLE!, I say) Quicktime problem as an even more feeble shot-across-the-Jobs-bow attempt! Like no thanks.

    You do wonderful SBS work and are obviously hugely dedicated & talented (and make Yoda look. But QuickTime? So don’t use it – is it even a *required* program in your world. Sure Apple’s effort here is lame. But, for example, DST is going back & forth on the lists for what now, the 3rd or 4th week?

    Free speech for you and me, and for me it’s killing the RSS feed as much as I need/enjoy the odd SBS post.

    P.s. sorry to disappoint the first guess, but I am not an Apple fanatic or even Mac owner – all I own is the (now ancient) original iPod Shuffle. Neither am I a MS-basher. I live & work in the Windows & sometimes Novell world.

  4. libertyrd on January 30, 2007 at 11:15 am said:

    (did I leave the unfinished Yoda comment before submitting? if I did, it was to end up being a compliment)

  5. bradley on January 30, 2007 at 12:57 pm said:

    Apple Quicktime comes in on applications. I need to patch it… and there’s currently no corporate way to do that.

    It impacts a SBS network as it introduces risk of unpatched software.

    Adobe doesn’t provide an easy way to patch some of their software as well. Granted the headline was provoking yes, but it’s a complaint against any software vendor that doesn’t provide an easy way to patch.

    This isn’t about “Apple” per se.. more of a vendor doing a lame patching.

    Blogs are personal… and free speech indeed.
