August 18, 2010

I’ve fallen a bit behind on blog posts about notable security updates (I was counting on August to be the slowest month this year work-wise, but so far it’s actually been the busiest!). Recently, Apple released a series of important patches that I haven’t covered here, so it’s probably easiest to mention them all in one fell swoop.

-QuickTime 7.6.7, for Windows 7, Vista and XP: Fixes a single security vulnerability in QT.

-iTunes 9.2.1, for Mac OS X 10.4.11 or later, and Windows 7, Vista and XP: Fixes a single vulnerability, and includes QT update.

[NB: Windows users should run the bundled Apple Software Update application to ensure both QuickTime and iTunes are up-to-date.]

-iOS 3.2.2 Update for iPad, iOS 3.2 and 3.21 for iPad: Addresses two serious flaws, including the PDF reader flaw that allowed jailbreaking on 3.21 iPads, iPhones and iTouches. If you have jailbroken your iPad and you’d like to keep it that way, grab the unofficial patch from the Dev-Team. Instructions for doing that are here, but basically you open Cydia with your jailbroken device and search for “PDF Patch,” and apply it.

-iOS 4.0.2 Update for iPhone and iPod touch (2nd generation or later): Again, this update fixes two security holes, including the one used to jailbreak these devices. If you have not jailbroken your device, apply this patch. If you have jailbroken your device and want to keep it that way, search for the PDF patch as instructed above.

[NB: If you’re not familiar with the terms “jailbreaking” and “Cydia,” then you should just apply the Apple updates if you use these mobile devices.]

-Safari 5.0.1, Update for Mac OS X 10.5.8, 10.6.2 or later, and Windows 7, Vista and XP: Fixes at least 15 security flaws in Safari 5.

-Safari 4, on Mac OS X 10.4.11, OS X Server 10.4.11, et al: Corrects at least 15 flaws in the older version of Safari.


18 thoughts on “Apple Patch Catchup”

  1. KFritz

    Coming soon to a store near us: Apple Patch Catchup Dolls!

  2. Roger

    Are you sure you’re right when you say iTunes 9.2.1 includes the QuickTime update? From the context I believe you’re saying iTunes 9.2.1 includes QuickTime 7.6.7. I don’t think that is correct.

    iTunes 9.2.1 came July 19
    http://support.apple.com/kb/HT4263
    It fixed CVE-ID: CVE-2010-1777 a flaw in itpc: urls.

    I hit Apple Software Update many times, but it says I’m up to date. I installed QuickTime 7.6.7 by going to http://www.apple.com/quicktime/download.
    http://support.apple.com/kb/HT4290 quicktime 7.6.7 fixes CVE-2010-1799 an issue in debug logging.

    Bottom line is I think Apple has left iTunes customers unprotected against this quicktime vulnerability.

    1. BrianKrebs Post author

      Roger – Interesting. I just downloaded iTunes a couple of days ago, and it included QT, and I went on using iTunes normally. But I later found QT wasn’t actually installed until I opened the program manually. At that point, it said it needed to close all browsers in order for the installation of Quicktime to continue. I let it proceed and it went on to install QT 7.6.7.

    2. Moike

      I’ve confirmed this – there is not a new iTunes update; you have to run the Apple Software update manually to get the QuickTime component of iTunes updated.

        1. JCitizen

          I just let File Hippo’s Update Checker worry about it; I get all my updates when and from it. It has never let me down yet.

  3. Joshua Proschan

    I ran the Apple updater on an XP laptop. It offered only iTunes. After that completed I checked QuickTime, and it was updated to 7.6.6, not 7.6.7. Running the Apple updater manually did not get the QuickTime update. I had to download it manually and install it myself.

  4. jerry

    I manually ran the Apple software updater on an XP SP3 PC and it offered the iTunes update and QT 7.6.7.
    Wonder why some are getting the new and improved and others aren’t?

  5. Al

    I have a 2nd gen. 8 GB iPod Touch but was unable to update the device’s software when there was that recent major upgrade. iTunes tells me I need an update in software but it never works. Does anyone have any ideas?

  6. Mark Kelly

    I will follow Apple patching trends closely. I believe a lot of people falsely assume the total cost of ownership of Apple devices is lower due to perceived lack of a need for patching. Articles like this help give further evidence that assuming that is faulty wishful thinking.

    1. F-3000

      @Mark:
      I would have agreed with you even before reading this post. And for a note, I once was one of those “Mac lovers”, so I have some actual experience of what I’m talking about.

      Yet, if I could afford, I would buy a Mac for gaming purposes (install Win on it). Just because of the quality of Apple’s computers, which has nothing to do with “lack of need to do (software) patching”. Macs perhaps lack the top notch Hertzes, but all of the Windows- & PC-focused magazines that have tested Macs (and which ones I’ve read, obviously), have stated that Windows runs (slightly) better on (Intel) Mac than on equivalent PC, or have nothing to complain about the combination itself.

    2. Rick

      I fail to see how total cost of ownership is affected by the need to update things. I do however see how total cost is affected by needing to purchase an obscene array of silly and ultimately useless antivirus suites.

      I’d also wonder how you’d calculate the total cost of ownership for the 154 unfortunate souls who flew JK 5022 two years ago today.

    3. dannyo152

      TCO is comprised of costs, i.e., money out. Did you have to give money to Apple to get the updates? You aren’t counting downtime while updates are being applied, because if you choose to stare at the progress bar while updates are downloading and being applied – and this is true for all oses – it’s more a choice than a cost. You could be doing something else or taking a break. (Thank goodness the days of rebooting update by update are gone.) My experience with updates is that the process may proceed in the background while I work on something else.

      Also, TCO is a meaningless metric without an accounting for benefit.

      But, here’s the real point, our computers are productivity tools with innate acquisition and maintenance costs and annoyance factors. Sometimes people will pay more in acquisition and/or maintenance to reduce the annoyance. When it’s all said and done, are you producing high quality deliverables at a reasonable cost in a fast enough turnaround time frame?

      And if you’re using your computer for fun, where the heck does TCO and ROI come into play?

  7. Jim

    I don’t own, and probably never will own, any Apple gear. This includes iTunes and QuickTime. Life is hassle enough with Apples in it.

    1. F-3000

      If you already know what software to use/you like, I think there’s no need to bother with Apple’s software.

      1. xAdmin

        While Apple makes some beautiful products, a major problem for me is the absolute requirement of iTunes (which includes QuickTime) to even fully utilize many of those products! Frankly, I won’t allow that bloated piece of garbage anywhere near a computer I value! Not to mention Mac OS X includes Java, which is also on my NEVER use software list! Finally, there is also something to be said about the attitude of “don’t hold the phone that way” Steve Jobs that just completely rubs me the wrong way.

  8. stvs

    Re: Apple’s pdf fix. Saurik also released a patch “PDF Patch” available from Cydia for iPhone2G and iPod Touch 1G, which Apple doesn’t cover.

    And, as I have confirmed myself, redsn0w jailbreaks iOS 4.0.2 on a 3G just fine, and also 3GS I believe.

  9. Speaker

    Apple the new world leader in software insecurity

    Search it up.
