Quick Time Zero-Day Monday
Ah, there’s nothing like the Monday morning after a long holiday weekend, and this one is bright, brisk and clear. Makes this fella want to stay in bed.
But like you, I’m up-and-at-’em. Re-invigorated, and ready to face the week.
You may have noticed that today’s title is a little strange-looking. But when I break it down, it should make more sense. Those of you who are regular readers of this series already know that I am an advocate of secure computing and that I am always providing tips, advice, and downloads to help you keep away the digital Evil Doers (aka “cyber criminals”). Today’s article follows in that proud tradition.
Regular readers also know that during holidays, I often re-post past articles– which I did, twice, this week. However, I did post one original article which (if you’ll forgive me a little vanity) may be one of the most important of all of the articles I have posted so far. (It is certainly my current soapbox ‘hot topic’.) Please, if you missed it, click here and read it. It is relevant to all computer users and discusses your first line of defense against hackers– software patches.
Now, to explain today’s title: The first two words are Quick Time, which is a media viewer (and format) from Apple which comes packaged with the iTunes software. 
Quick Time sort of competes with Macromedia’s Flash format, and is used as a way of presenting animations and short ‘films’ on the Internet. You may have been asked to install Quick Time as a browser “plug in”, to view certain material, by a website.
The second two words are “zero day“. Zero-day is a security term used to describe the period [I mentioned in the prior article] between when an exploit has been discovered– and the hackers are using it to attack, and take control of machines — and when a patch has been found and is available to the public. During this period, there is no (ready) defense against the hacker’s attack code.
There is currently an attack underway targeting a vulnerability in Quick Time, and there is as of yet no patch. In other words, a “zero-day attack” is travelling the Internet and people with Quick Time installed have no defense against having their machines turned into spam-launching zombies, or having malware installed.. or whatever else the cyber criminals want to use their machines for.
This “buffer-overflow” attack affects any machine with Quick Time installed, whether it be Apple OS X, or Windows Vista/XP.
Tip of the day: Don’t be vulnerable to this nasty zero-day attack. Since there is no patch (or, “update”) yet, for the time being, you must be particularly vigilant about clicking on links to websites you receive in emails, avoid visiting websites you haven’t been to before (practice “safe browsing”), and make sure your antivirus is up-to-date.
I don’t use Quick Time (nor do I use iTunes), preferring to miss out on that content (if a website uses it) than to have another media player on my machines. And I suggest that you may want to uninstall it if you have it.. particularly if you rarely use it.. as you can always re-install it once Apple releases a patch (at this time, there is no announced “expected release date”). I also recommend uninstalling the browser add-in version (to read how to remove/manage browser plug-ins, click here).
More advanced users should go into their router’s and/or firewall’s settings and block outbound TCP port 554.
As a fella used to say, let’s be careful out there.
[updated: Apple has released a fixed (updated) version of QuickTime that closes this critical flaw. Windows users can either answer “yes” to the autoupdate alert, or click here, and download the updated version, while Mac users will need to find the appropriate OS version download.]
Today’s free link: I have mentioned that I am a gamer and that I like flight simulators. YS Flight Simulation System 2000 is a free simulator that works even on Linux, and is highly adaptable with “mods” and additional planes (comes with 50) and not-too-stringent graphics needs.
Copyright 2007 © Tech Paul. All rights reserved.
| Share this post : |  |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
• About Tech Paul
I am a Retired computer & network technician. I used to think the machines were pretty cool. Now I don’t.
They’re anything but.
I regularly posted how-to’s and tricks & tips and general computing advice here starting in 2007. (Use the Search tool to find answers. But be aware, many are rather dated.) Sometimes I answered (your) specific questions in an article if I believed the answer was generally helpful to “everyone”. All the writing you see was my own, typos and all. There always is/was an implied “IMHO” in what you see here.
Note: You are responsible for using this blog and its content. I am in no way liable for any losses caused by user error, viruses and/or other malware, hardware or software failure, or any other conceivable reason.
-
Say "thank you!" Buy Tech Paul a cup of coffee (and keep T4E ad free).
-
-
McAfee® Cybersafety Resource Portal, an online help center designed to assist victims of computer crime and provide information on how to avoid becoming a victim.
-
Subscribe to Tech--for Everyone by EmailRecent Comments
-
-
-
-
Also:
-
-
Tech - for Everyone 