VideoHelp Forum


Try DVDFab Video Downloader and rip Netflix video! Or Try DVDFab and copy Blu-rays! or rip iTunes movies!
+ Reply to Thread
Results 1 to 13 of 13
Thread
  1. They've been freaking out about this on the Avid forum for days.

    If you need quicktime you can uninstall it then reinstall with only the core components. The exploits are both based on manipulating the moov atom of online media. To date no one has actually maliciously used the exploit.
    Quote Quote  
  2. Bad news for some Adobe Creative Cloud users.

    Adobe warns that uninstalling vulnerable QuickTime for Windows can break Creative Cloud
    They that give up essential liberty to obtain a little temporary safety deserve neither liberty or safety.
    --Benjamin Franklin
    Quote Quote  
  3. Member racer-x's Avatar
    Join Date
    Mar 2003
    Location
    3rd Rock from the Sun
    Search Comp PM
    I wonder if they will incorporate open source alternatives like ffmpeg?
    Got my retirement plans all set. Looks like I only have to work another 5 years after I die........
    Quote Quote  
  4. aBigMeanie aedipuss's Avatar
    Join Date
    Oct 2005
    Location
    666th portal
    Search Comp PM
    apple is allowing active critical exploits that they have been aware of for 6 months to go unpatched forever. what a bunch of f'ing morons, all it takes with one of them to infect a computer with them is to visit a website. and if you need apple prores in your video work flow you're out of luck because prores codecs will no longer work on the windows platform without quicktime.


    i deleted all apple crap off my computers. my web development computers don't even have safari anymore. i don't give a hoot if my websites don't work with safari, they can use a different browser. if someone sends me prores to work with i'll tell them to convert that crap themselves.
    --
    "a lot of people are better dead" - prisoner KSC2-303
    Quote Quote  
  5. Member Cornucopia's Avatar
    Join Date
    Oct 2001
    Location
    Deep in the Heart of Texas
    Search PM
    Adobe doesn't really do opensource much. However, this isn't quite a "the sky is falling" situation, like it is being advertised.

    First: Quicktime 7.x API has been deprecated for a number of years now, so the writing's been on the wall and most people have got their act together. Adobe has just been slow to finalize things, though they have done some transitioning already.

    Second: The vulnerability seems to be in how malicious code could piggyback inside the mov atom (header), but this really only affects DECODING, and mainly affects the Web plugin. One could very easily remove the web plugin (both by disabling it in FF, and/or deleting the DLL, and/or uninstalling QT).

    Third: If you vet your files (can verify that they all come from trusted known-good sources), this is a non-issue. If you don't, and you still need access to the wide variety of codecs in MOV files, a simple solution is TRANSCODING to a safe codec & container via ffmpeg, LAV filters, etc. Or SANDBOXING in a VM, frozen PC or isolated bench PC. Or convert on a Mac to safe PC formats.

    Fourth: As I found out earlier this spring when trying to troubleshoot an issue with 64bitPPTwin2010 and MOV/MP4 playback, the best solution (besides upgrading to 2013 or using a Mac) is to use LAV filters for decoding & playback of ALL mov files (since it seems to work with the vast majority of QT codecs, is FOSS, runs faster than QT, and works in both 32bit and 64bit spaces), so you can completely eliminate QT for both PPT, web, and standalone playback. It hooks into Dshow, so there is no Apple code involved.

    Fifth: The main stumbling block with Adobe usage is the industry reliance on ProRes. I say: either boycott Apple/ProRes, or encode to Lossless AVI/MKV/MXF, and/or only use a Mac or reverse-engineered FOSS PC mov encoders, or wimp out and license the ProRes code to encode directly. Since YOU (the user) are creating the file, you know it isn't compromised with a virus.

    Again, maybe it's time to put Apple's "my way or the highway", N.I.H. bullying tactics out on the mat and demand they: open up 3rd party codecs to AVfoundation, port the AVfoundation (QT X) over to 64bitWindows PCs (and keep it code-current), release AVfoundation as opensource, and/or allow ProRes (etc) decode to follow a fair and open reference model (so 3rd party encoders can make encodes that are compliant and playable in Macs) along the lines of MPEG. If they won't, the industry should embrace MOX or a similar open MOV format replacement.

    Scott
    Last edited by Cornucopia; 21st Apr 2016 at 12:54.
    Quote Quote  
  6. Thanks pdr.

    "A user would have to visit a malicious Web page or open a malicious file to exploit either of the vulnerabilities. Each vulnerability would execute code in the security context of the QuickTime player"

    That provides some perspective on what this vulnerability entails. IOW, vulnerabilities are just as much about the exploit as they are about user behavior q.v. imaging a virgin build, embracing format c:, keeping your video workstation off the web, moving all your content to WORM storage, etc.

    With the rise of 4K, ProRes feels dated anyway. I, for one, welcome our new XAVC overlords.
    Quote Quote  
  7. aBigMeanie aedipuss's Avatar
    Join Date
    Oct 2005
    Location
    666th portal
    Search Comp PM
    LOL that needs a bit of re-wording. try "all a user would have to do is visit a malicious web page to have their computer infected with any trojan, virus, or pay to unlock all your files malware" is more accurate.
    --
    "a lot of people are better dead" - prisoner KSC2-303
    Quote Quote  
  8. Haha, not my wording. I just pulled out from pdr's linked article. But yes, all malware requires the cooperation of the user. That's why some people are virus magnets. You know who they are. I have met more than my share.
    Quote Quote  
  9. Member
    Join Date
    Jun 2012
    Location
    New Zealand
    Search Comp PM
    So how will all the DSLR users and iPhone users edit their .mov video if their NLE depends on QuickTime libraries being installed? (Worried!)
    Quote Quote  
  10. aBigMeanie aedipuss's Avatar
    Join Date
    Oct 2005
    Location
    666th portal
    Search Comp PM
    all my canon dslr mov files still import and work in vegas pro 13 and premiere pro just fine with no apple software on the computers.
    --
    "a lot of people are better dead" - prisoner KSC2-303
    Quote Quote  
  11. Member
    Join Date
    Jun 2012
    Location
    New Zealand
    Search Comp PM
    Thank aedipuss -
    good to know
    Quote Quote  
  12. Member racer-x's Avatar
    Join Date
    Mar 2003
    Location
    3rd Rock from the Sun
    Search Comp PM
    You can also edit your mov files in any Video editor that uses ffmpeg. Aviutl is a good example, as are all Linux Video editors I've tried.
    Got my retirement plans all set. Looks like I only have to work another 5 years after I die........
    Quote Quote  



Similar Threads