We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,780 News Articles

QuickTime 'bigger security risk than Internet Explorer'

Users patch IE, don't update QuickTime or Winamp

Apple's QuickTime is three times more likely to pose a threat to your PC's security than Internet Explorer 6.0. QuickTime is six times riskier than Firefox, according to Secunia.

The higher risk posed by QuickTime stems from inadequate patching by users. According to an analysis of more than 350,000 system checks done over the past six months by the free Secunia Software Inspector, 33.1 percent of all QuickTime 7.0 installations weren't kept up to date with security patches.

And Apple isn't the only vendor whose products aren't kept up to date by users. Another music player, AOL's Winamp, was almost as likely to be outdated: 27 percent of Winamp 5.0 installations required important security fixes.

Compared to QuickTime or Winamp, Microsoft's Internet Explorer 6.0 and Mozilla's Firefox are models of security, said Secunia. Only 9.6 percent of Internet Explorer 6.0 installations lacked one or more patches, while just 5.2 percent of Firefox 2.0 deployments required an update.

Secunia's data shows that outside of operating systems and browsers, users neglect regular patching. Of course, users know that browsers suffer from security holes, and updating them - particularly Microsoft products - is often a well-established habit that takes place on a known schedule.

"This constitutes a significant problem," said Jakob Balle, Secunia's development manager.

"Most people wouldn't hesitate to open an .mpg, .jpg, .mov or .mp3 file from any source if it seems the least bit interesting and relevant.

"It's easy to embed a movie in your home page, for example, and all it takes is one unpatched QuickTime vulnerability and a provocative video title to compromise a lot of visitors."

Researchers regularly identify vulnerabilities in QuickTime and Winamp. Secunia's own database, for example, pins 10 bugs on QuickTime 7.0, three of them so far this year. The most recently patched QuickTime flaw was disclosed about three weeks ago and patched on 1 May. Winamp 5.0 sports 11 vulnerabilities, said Secunia; the last bug was also quashed earlier this month.

IDG UK Sites

Top 5 Android tips and tricks for smartphones and tablets

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

BBC using Glasgow 2014 Commonwealth Games to trial 4K/UHD, pan-around video, augmented video and...