Most Popular Articles
- Prune Your Time Machine Backups Selectively (01 May 2008)
- Back to My Mac Leads to Recovery of Stolen Mac (10 May 2008)
- Time Machine Exposed! (08 May 2008)
- Hand Coding HTML Is Still in Vogue (25 Apr 2008)
Recent TidBITS Talk Discussions
- Cable TV to Mac (1 message)
- Good time or dumb time to buy an iPod Touch (5 messages)
- color profiles and browsers (2 messages)
- Digital Rights Misery: When Technology Is Designed to Fail (3 messages)
In Take Control of Apple Mail in Leopard, by Joe Kissell, you'll learn how to make your email come and go as it should and easily find the email that you want to read. You'll also get help with Time Machine backups of email and much more. $10.
Published in TidBITS 914. Subscribe today to receive TidBITS in email every Monday.
- 16 GB iPhone and 32 GB iPod touch Released
- iPhoto 7.1.2 Blocks Security Vulnerability
- iPhoto Print Products Available in Australia and New Zealand
- O2 Tweaks UK Monthly iPhone Plans
- Scan Mac News Headlines at Alltop
- Please Welcome Eliana Wren Carlson
- DealBITS Discount: Save 20% on Sound Studio 3
- Tips for Better iPhoto Cards
- More Mileposts Along Road to 3G iPhone
- Apple Punished for iTunes Success
- My First Macworld Expo
- Get Bit Literate, with a Buggy Whip
- Hot Topics in TidBITS Talk/11-Feb-08
QuickTime 7.4.1 Fixes Zero-Day Vulnerability
Apple has released QuickTime 7.4.1, a critical security update all users should apply immediately. It is available via Software Update and as a direct download for Leopard, Tiger, Panther, and Windows systems.
This update patches a month-old zero-day vulnerability in the QuickTime streaming protocol (RTSP) that could allow an attacker to take over your computer if you visit a malicious Web site or receive an email with a malicious link. In security parlance, we call this "remote execution of arbitrary code," using a vulnerability for which no patch exists (the "zero-day" part). This is similar to a previous vulnerability in RTSP that Apple patched in the QuickTime 7.3.1 update (see "QuickTime 7.3.1 Fixes RTSP Vulnerability," 2007-12-14).
As usual, release notes are a sparse "addresses security issues and improves compatibility with third-party applications." A separate security note provides more details, but the security information isn't even referenced by the release notes on the download page, although they do appear on the security updates page.
Since this vulnerability has been in the wild with sample exploits for nearly a month, it is absolutely critical to apply the patch as quickly as possible.
VMware Fusion. The most seamless way to run Windows on your Mac.Backed by nearly a decade of proven virtualization technology.
Try VMware Fusion today for free, or order online for only $79.
Visit: <http://www.tidbits.com/about/support/vmware-fusion.html>
Bookmark at: del.icio.us | digg | reddit | Slashdot