Wednesday, September 10, 2008

Apple: We don' need no steenkin' security patches

Or something like that. What, you didn't hear about the critical security patches for iTunes and Quicktime? Don't feel bad - seems like Apple kept it hush hush:

Those who use Apple's iTunes or QuickTime on either a Mac or Windows machine, or who own an iPod touch, will want to install newly released updates that fix a raft of serious security bugs. Not that Apple is going out of its way to warn of the risks, mind you.

The most serious of the batch seem to be updates for QuickTime, which plug holes that could allow attackers to hijack a Mac or PC simply by tricking a user into viewing a maliciously crafted video or picture. (And given the presence of millions of recently compromised websites, how hard can that be?)

El Reg concludes with generous and understated advice:
Apple's diligence in stamping out bugs is commendable. But its Howard Hughesian obsession with secrecy and marketing imperils their considerable number of users, and that's a pity.
Mine isn't quite as understated. Hey Apple, don't be evil patches are an insanely great idea. Let folks know.

No comments: