QuickTime vulnerable

According to security vendor Bit9, QuickTime is among the most security flaw-ridden Windows applications. Apple's media player ranks second on the list of programs that are difficult for an IT department to patch and/or "represent unexpected and unquantified vulnerabilities in an enterprise IT environment." Another Apple product, iTunes, appears at number 6. Meanwhile, according to a ZDNet report, Yahoo's standalone IM client, Yahoo Messenger, is number one on the list. Microsoft has only one entry on the list: Windows Live MSN Messenger at #4.

Bit9 explained why Microsoft's products, though subject to a number of flaws, do not factor highly in the list: "The reason most Microsoft software doesn’t make the list is because by now most companies have a pretty good process in place for identifying, patching, and fixing vulnerable Microsoft software. The same cannot be said for apps like Firefox, iTunes, and other packages."

Apple's generally stellar security reputation has been under fire lately. A new trojan horse designed specifically for Mac OS X systems has been discovered on several pornography websites that can hijack Web traffic, according to security firm Intego. Affected systems are used to hijack some Web requests that lead users to other phishing sites, or simply display ads for other pornographic websites to generate ad revenue.

In addition, Mac OS X Leopard is not fundamentally better for security than Tiger, several security experts suggest. Thomas Ptacek of Matasano Security writes that Leopard's new security features, though an improvement, still leave unnecessary gaps open. Library Randomization is meant to solve problems such as buffer overflow attacks, by preventing hackers from knowing where to place a code in memory; the equivalent of this in Windows Vista is Address Space Load Randomization.

by MacNN Staff