http://www.extremetech.com/computing/226894-apple-confirms-quicktime-for-windows-is-de...and-hard-place
critical vulnerabilities / security risks not going to be patched
http://www.toptechnews.com/article/index.php?story_id=101005UMU0ZS
-
They've been freaking out about this on the Avid forum for days.
If you need quicktime you can uninstall it then reinstall with only the core components. The exploits are both based on manipulating the moov atom of online media. To date no one has actually maliciously used the exploit. -
Bad news for some Adobe Creative Cloud users.
Adobe warns that uninstalling vulnerable QuickTime for Windows can break Creative Cloud
--
They that give up essential liberty to obtain a little temporary safety deserve neither liberty or safety.
--Benjamin Franklin -
apple is allowing active critical exploits that they have been aware of for 6 months to go unpatched forever. what a bunch of f'ing morons, all it takes with one of them to infect a computer with them is to visit a website. and if you need apple prores in your video work flow you're out of luck because prores codecs will no longer work on the windows platform without quicktime.
i deleted all apple crap off my computers. my web development computers don't even have safari anymore. i don't give a hoot if my websites don't work with safari, they can use a different browser. if someone sends me prores to work with i'll tell them to convert that crap themselves.
--
"a lot of people are better dead" - prisoner KSC2-303 -
Adobe doesn't really do opensource much. However, this isn't quite a "the sky is falling" situation, like it is being advertised.
First: Quicktime 7.x API has been deprecated for a number of years now, so the writing's been on the wall and most people have got their act together. Adobe has just been slow to finalize things, though they have done some transitioning already.
Second: The vulnerability seems to be in how malicious code could piggyback inside the mov atom (header), but this really only affects DECODING, and mainly affects the Web plugin. One could very easily remove the web plugin (both by disabling it in FF, and/or deleting the DLL, and/or uninstalling QT).
Third: If you vet your files (can verify that they all come from trusted known-good sources), this is a non-issue. If you don't, and you still need access to the wide variety of codecs in MOV files, a simple solution is TRANSCODING to a safe codec & container via ffmpeg, LAV filters, etc. Or SANDBOXING in a VM, frozen PC or isolated bench PC. Or convert on a Mac to safe PC formats.
Fourth: As I found out earlier this spring when trying to troubleshoot an issue with 64bitPPTwin2010 and MOV/MP4 playback, the best solution (besides upgrading to 2013 or using a Mac) is to use LAV filters for decoding & playback of ALL mov files (since it seems to work with the vast majority of QT codecs, is FOSS, runs faster than QT, and works in both 32bit and 64bit spaces), so you can completely eliminate QT for both PPT, web, and standalone playback. It hooks into Dshow, so there is no Apple code involved.
Fifth: The main stumbling block with Adobe usage is the industry reliance on ProRes. I say: either boycott Apple/ProRes, or encode to Lossless AVI/MKV/MXF, and/or only use a Mac or reverse-engineered FOSS PC mov encoders, or wimp out and license the ProRes code to encode directly. Since YOU (the user) are creating the file, you know it isn't compromised with a virus.
Again, maybe it's time to put Apple's "my way or the highway", N.I.H. bullying tactics out on the mat and demand they: open up 3rd party codecs to AVfoundation, port the AVfoundation (QT X) over to 64bitWindows PCs (and keep it code-current), release AVfoundation as opensource, and/or allow ProRes (etc) decode to follow a fair and open reference model (so 3rd party encoders can make encodes that are compliant and playable in Macs) along the lines of MPEG. If they won't, the industry should embrace MOX or a similar open MOV format replacement.
Scott
Last edited by Cornucopia; 21st Apr 2016 at 11:54.
-
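An added example, not part of any post in this thread: a structural sanity check for MOV files that have to be accepted from outside sources before they reach a decoder. It walks the atom tree and flags any atom whose declared size does not fit inside its parent; the thread gives no details of the two flaws, so this is a generic well-formedness check rather than a detector for them, and the container list, function names and sample bytes are constructed for illustration.

```python
import struct

# Atom types that hold child atoms (a subset chosen for this sketch).
CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl", b"edts", b"dinf"}

def check_atoms(data, start=0, end=None, path="", depth=0):
    """Walk atoms in data[start:end]; return (atom_paths, problems)."""
    end = len(data) if end is None else end
    atoms, problems = [], []
    pos = start
    while pos < end:
        if end - pos < 8:
            problems.append(f"{path or '/'}: {end - pos} stray bytes, no room for a header")
            break
        size, kind = struct.unpack_from(">I4s", data, pos)
        name = f"{path}/{kind.decode('latin-1')}"
        header = 8
        if size == 1:                      # 64-bit extended size follows the type
            if end - pos < 16:
                problems.append(f"{name}: truncated extended size")
                break
            size = struct.unpack_from(">Q", data, pos + 8)[0]
            header = 16
        elif size == 0:                    # atom runs to the end of the enclosing range
            size = end - pos
        if size < header or pos + size > end:
            problems.append(f"{name}: declared size {size} does not fit its parent")
            break
        atoms.append(name)
        if kind in CONTAINERS and depth < 16:   # bound recursion on hostile nesting
            sub_atoms, sub_problems = check_atoms(data, pos + header, pos + size, name, depth + 1)
            atoms += sub_atoms
            problems += sub_problems
        pos += size
    return atoms, problems

def atom(kind, payload=b""):
    """Build a well-formed atom (constructed test data)."""
    return struct.pack(">I4s", 8 + len(payload), kind) + payload

FTYP = atom(b"ftyp", b"qt  " + bytes(4))
GOOD = FTYP + atom(b"moov", atom(b"mvhd", bytes(100)))
# Constructed malformed file: mvhd claims 0x1000 bytes inside a 116-byte moov.
BAD = FTYP + atom(b"moov", struct.pack(">I4s", 0x1000, b"mvhd") + bytes(100))

if __name__ == "__main__":
    for label, blob in (("good", GOOD), ("bad", BAD)):
        print(label, check_atoms(blob))
```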
Thanks pdr.
"A user would have to visit a malicious Web page or open a malicious file to exploit either of the vulnerabilities. Each vulnerability would execute code in the security context of the QuickTime player"
That provides some perspective on what this vulnerability entails. IOW, vulnerabilities are just as much about the exploit as they are about user behavior q.v. imaging a virgin build, embracing format c:, keeping your video workstation off the web, moving all your content to WORM storage, etc.
With the rise of 4K, ProRes feels dated anyway. I, for one, welcome our new XAVC overlords. -
LOL that needs a bit of re-wording. try "all a user would have to do is visit a malicious web page to have their computer infected with any trojan, virus, or pay to unlock all your files malware" is more accurate.
--
"a lot of people are better dead" - prisoner KSC2-303 -
Haha, not my wording. I just pulled out from pdr's linked article. But yes, all malware requires the cooperation of the user. That's why some people are virus magnets. You know who they are. I have met more than my share.
-
all my canon dslr mov files still import and work in vegas pro 13 and premiere pro just fine with no apple software on the computers.
--
"a lot of people are better dead" - prisoner KSC2-303