navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Apple Quick Time 7.XXX Threat

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Apple
And, this specific program:
Apple QuickTime 7.x

This thread has been marked as locked.
This user no longer exists Apple Quick Time 7.XXX Threat
Member 26th Nov, 2008 13:44
Ranking: 0
Posts: 1
User Since: 1st Jan, 1970
System Score: N/A
Location: N/A
Why won't the Quick Time 7.xxx remove from the threat list after applying the solution patch or even after removing the program on a Win Vista Premium machine?

E.Jeppesen RE: Apple Quick Time 7.XXX Threat
Secunia Official 26th Nov, 2008 15:05
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
In some cases the old and insecure version of a program is not automatically removed when installing the new and secure version. That means then even though you get the new version installed correctly, you still have the old version installed which will still be detected by the Secunia PSI.

To locate the exact file that the Secunia PSI has detected, please follow there guidelines using the advanced interface:

* Click on the entry of the program to "expand" it.
* Click on Technical details to see the installation path of the detected file.
* Remember the installation path and close down the menu.
* Click Open Folder and locate the detected file.

You are welcome to copy and paste the installation path into this thread as it may help us track down the issue.
active RE: Apple Quick Time 7.XXX Threat
Member 26th Jan, 2009 17:25
Score: 0
Posts: 1
User Since: 13th Dec 2008
System Score: N/A
Location: N/A
on 26th Nov, 2008 15:05, E.Jeppesen wrote:
In some cases the old and insecure version of a program is not automatically removed when installing the new and secure version. That means then even though you get the new version installed correctly, you still have the old version installed which will still be detected by the Secunia PSI.

To locate the exact file that the Secunia PSI has detected, please follow there guidelines using the advanced interface:

* Click on the entry of the program to "expand" it.
* Click on Technical details to see the installation path of the detected file.
* Remember the installation path and close down the menu.
* Click Open Folder and locate the detected file.

You are welcome to copy and paste the installation path into this thread as it may help us track down the issue.

Was this reply relevant?
+0
-0
rrannett RE: Apple Quick Time 7.XXX Threat
Member 26th Jan, 2009 23:23
Score: 0
Posts: 1
User Since: 30th Dec 2007
System Score: N/A
Location: N/A
it would appear that the uninstall program built into the offending Apple program does NOT uninstall all of the program, and the Secunia checker picks up the remnants. I solved this by uninstalling the Apple Quicktime 7.55XXX program from the Windows add and remove applet, AND then deleting the Quicktime heading under the Programs heading using Windows Explorer. Reboot your computer, run Secunia again, and all was well. Now, download the new Apple Quicktime 7.6XXX from the Apple website and install. Run Secunia again to make sure the new update installed correctly, and sit back and relax!
Was this reply relevant?
+0
-0
Ed_Hobbs RE: Apple Quick Time 7.XXX Threat
Member 27th Jan, 2009 00:08
Score: 0
Posts: 2
User Since: 25th Jan 2009
System Score: N/A
Location: N/A
What is this program ???
Was this reply relevant?
+0
-0
antipodes RE: Apple Quick Time 7.XXX Threat
Member 27th Jan, 2009 23:56
Score: 0
Posts: 29
User Since: 22nd Oct 2008
System Score: N/A
Location: AU
I acted on Secunia's alert immediately by updating using the download solution button. I still continued to get an insecure alert for the QuickTime and continued to do so even after following the advice in the Forum.

Apropos of nothing I ran a scan and received a no threats detected message

My question is must a scan be performed after carrying out an update and why did Secunia not detect that the threat had been removed before I ran the scan. Please note that I continued to get the alert after each reboot or start up.

--
antipodes
Was this reply relevant?
+0
-0
wild69 RE: Apple Quick Time 7.XXX Threat
Member 29th Jan, 2009 02:57
Score: 0
Posts: 3
User Since: 17th Jan 2009
System Score: N/A
Location: N/A
how
Was this reply relevant?
+0
-0
joepie77 RE: Apple Quick Time 7.XXX Threat
Member 9th Feb, 2009 12:02
Score: 0
Posts: 2
User Since: 7th Feb 2009
System Score: N/A
Location: N/A
What can I do with this threat ???
Was this reply relevant?
+0
-0
sirwriter RE: Apple Quick Time 7.XXX Threat
Member 13th Feb, 2009 14:10
Score: 0
Posts: 2
User Since: 29th Dec 2007
System Score: N/A
Location: N/A
I have a large drive with two partitions, and two different versions of windows installed, one on each. Although I have Secunia PSI installed on "C" drive it detected the file on D: as well. The only way I could resolve the thing was to delete Apple Quick Time from the D: drive and rescan. After the third scan it no longer showed.
Was this reply relevant?
+0
-0
brickzgonzales RE: Apple Quick Time 7.XXX Threat
Member 14th Feb, 2009 15:10
Score: 0
Posts: 1
User Since: 14th Feb 2009
System Score: N/A
Location: N/A
how to watching to ur show
Was this reply relevant?
+0
-0
madam_mahhem RE: Apple Quick Time 7.XXX Threat
Member 17th Feb, 2009 02:29
Score: 0
Posts: 1
User Since: 6th Jun 2008
System Score: N/A
Location: N/A
on 26th Nov, 2008 15:05, E.Jeppesen wrote:
In some cases the old and insecure version of a program is not automatically removed when installing the new and secure version. That means then even though you get the new version installed correctly, you still have the old version installed which will still be detected by the Secunia PSI.

[quote=p1327]To locate the exact file that the Secunia PSI has detected, please follow there guidelines using the advanced interface:

* Click on the entry of the program to "expand" it.
* Click on Technical details to see the installation path of the detected file.
* Remember the installation path and close down the menu.
* Click Open Folder and locate the detected file.

You are welcome to copy and paste the installation path into this thread as it may help us track down the issue.

Was this reply relevant?
+0
-0
antipodes RE: Apple Quick Time 7.XXX Threat
Member 17th Feb, 2009 04:07
Score: 0
Posts: 29
User Since: 22nd Oct 2008
System Score: N/A
Location: AU
I just wish to advise that the unsubscribe link is not working

--
antipodes
Was this reply relevant?
+0
-0
Bob_Primak RE: Apple Quick Time 7.XXX Threat
Member 28th Feb, 2009 09:16
Score: 0
Posts: 45
User Since: 28th Feb 2009
System Score: N/A
Location: Hinsdale, Illinois, US
Last edited on 28th Feb, 2009 09:17
I never use the Apple Updater for QuickTime for the exact reason that it does not remove the older components which contain the insecurities. Apple seems to be uniquely arrogant with Windows users about not fixing security problems in the first place, and then they do not remove their insecure components on top of that. So... I always completely remove the older version, then go to the Apple Web Site and download and do a fresh install from their current Windows installer. It works much faster than the Apple Updater, and I pass Secunia's scans right off the reinstall. Of course, this is not recommended for iTunes, as all Libraries would need to be reauthorized.

-- Bob --

--
-- Bob --
Was this reply relevant?
+0
-0
suboh RE: Apple Quick Time 7.XXX Threat
Member 18th Mar, 2009 19:30
Score: 0
Posts: 3
User Since: 18th Mar 2009
System Score: N/A
Location: N/A
Last edited on 18th Mar, 2009 19:36
Hope I have this format figured out as far as joining in on a topic is concerned. I just down-loaded Secunia today. It told me Apple Quicktime was insecure and I did the thing it said to do which changed the message to secure but, I did not even know I had that on my computer. My ? WHAT IS IT? I do not know why I would have that program or what it is be used for?! Any one? ;]
Was this reply relevant?
+0
-0
Maurice Joyce RE: Apple Quick Time 7.XXX Threat
Handling Contributor 18th Mar, 2009 21:15
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
This will tell U a bit about quicktime.
http://www.apple.com/quicktime/player/

It could have been preinstalled with your PC like Adobe Reader/Norton Products/Python & others to get U started "out of the box"

If U have no need for these products just remove them.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
suboh RE: Apple Quick Time 7.XXX Threat
Member 23rd Mar, 2009 18:20
Score: 0
Posts: 3
User Since: 18th Mar 2009
System Score: N/A
Location: N/A
Last edited on 23rd Mar, 2009 18:21
Thank you MJ I will check it out. I have yet to figure out the Out Look Express, Like, what is a POP3?!! Sounds like a JIFFY Product?:}
Was this reply relevant?
+0
-0
Maurice Joyce RE: Apple Quick Time 7.XXX Threat
Handling Contributor 23rd Mar, 2009 18:28
Score: 11865
Posts: 9,101
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 23rd Mar, 2009 18:52
POP3 (Post Office Protocol) is one method of delivering your email. Many ISP's use this method for processing mail.

More details are here:
http://email-extractor.org/email-protocols.html

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
suboh RE: Apple Quick Time 7.XXX Threat
Member 25th Mar, 2009 00:34
Score: 0
Posts: 3
User Since: 18th Mar 2009
System Score: N/A
Location: N/A
MJ Thanks again for your input. I think this is going to be interesting and informative. I might actually be able to use OLE after almost 3yrs. of wearing a ???? look.
Was this reply relevant?
+0
-0
mgrinnan RE: Apple Quick Time 7.XXX Threat
Member 28th May, 2009 22:13
Score: 0
Posts: 3
User Since: 28th Apr 2009
System Score: 90%
Location: Virginia, US
I have installed the new PSI BETA and find that in my Advanced > Secure Browsing tab that Apple Quicktime 7.x is listed as insecure with no vendor solution. Not knowing specifically what version of QT was installed and nor was there a QT listing in the Add/Remove Programs control panel I went to Apple and downloaded QT v7.6. After installation I uninstalled Quicktime and restarted only to find that yet in Secure Browsing tab QT is still listed even though it just got uninstalled. Now understand that there is no listing for QT in the Insecure tab so I have no further information about a file path. Frankly I'm wondering why QT would even be listed anywhere at this point considering it is uninstalled.
Was this reply relevant?
+0
-0
dfronck RE: Apple Quick Time 7.XXX Threat
Member 29th May, 2009 17:52
Score: 0
Posts: 1
User Since: 1st Mar 2009
System Score: N/A
Location: US
on 13th Feb, 2009 14:10, sirwriter wrote:
I have a large drive with two partitions, and two different versions of windows installed, one on each. Although I have Secunia PSI installed on "C" drive it detected the file on D: as well. The only way I could resolve the thing was to delete Apple Quick Time from the D: drive and rescan. After the third scan it no longer showed.

Go to "Advanced" then "Settings". At the bottom of the page is an "Irnore Rules" section. Create an Ignore Rule for your "D" drive.
Was this reply relevant?
+0
-0
JL Krol RE: Apple Quick Time 7.XXX Threat
Member 2nd Jun, 2009 14:50
Score: 4
Posts: 57
User Since: 10th Dec 2008
System Score: N/A
Location: US
I downloaded Secunia's PSI v.1.0.0.5 the other day and now am getting a "Apple Quick Time 7.xxx Threat" message on my Toshiba laptop running XP Media Center/SP3. Through Add/Remove programs, I "removed" the 2 Apple programs listed (none are now listed). Rebooted, scanned w/PSI and still get the same Apple QT threat message. Question #1) Do I really need Apple QT? (I don't have a iPod or listen to music on my PC.) Question #2) If I need Apple QT, how do I remove the remnants that are triggering Secunia's PSI program before I go to Apple's site and download a "fresh" QT program for Windows XP/SP3? Thanks (from Chicago)
Was this reply relevant?
+0
-0
This user no longer exists RE: Apple Quick Time 7.XXX Threat
Member 2nd Jun, 2009 15:01
on 2nd Jun, 2009 14:50, JL Krol wrote:
I downloaded Secunia's PSI v.1.0.0.5 the other day and now am getting a "Apple Quick Time 7.xxx Threat" message on my Toshiba laptop running XP Media Center/SP3. Through Add/Remove programs, I "removed" the 2 Apple programs listed (none are now listed). Rebooted, scanned w/PSI and still get the same Apple QT threat message. Question #1) Do I really need Apple QT? (I don't have a iPod or listen to music on my PC.)
Where is the Threat file located?

Have you tried to use Windows Explorer (Windows key + E) then navigate to that location and delete the file?

(unknown source)
Question #2) If I need Apple QT, how do I remove the remnants that are triggering Secunia's PSI program before I go to Apple's site and download a "fresh" QT program for Windows XP/SP3? Thanks (from Chicago)
It is probably a Folder on a hard drive that is not used by Apple QT but applications like to install old versions as they assume most people don't have Apple QT.
Was this reply relevant?
+0
-0
mgrinnan RE: Apple Quick Time 7.XXX Threat
Member 2nd Jun, 2009 16:43
Score: 0
Posts: 3
User Since: 28th Apr 2009
System Score: 90%
Location: Virginia, US
on 28th May, 2009 22:13, mgrinnan wrote:
I have installed the new PSI BETA and find that in my Advanced > Secure Browsing tab that Apple Quicktime 7.x is listed as insecure with no vendor solution. Not knowing specifically what version of QT was installed and nor was there a QT listing in the Add/Remove Programs control panel I went to Apple and downloaded QT v7.6. After installation I uninstalled Quicktime and restarted only to find that yet in Secure Browsing tab QT is still listed even though it just got uninstalled.


Problem Solved
Use PSI to download the solution and update QT to v7.62.
Was this reply relevant?
+0
-0
JL Krol RE: Apple Quick Time 7.XXX Threat
Member 2nd Jun, 2009 17:42
Score: 4
Posts: 57
User Since: 10th Dec 2008
System Score: N/A
Location: US
Before I removed Quick Time from the Program Files, I checked Add/Remove for Quick Time. Removed Quick Time (had removed 2 Apple "listings" earlier), rebooted, rescanned with PSI, and VIOLA! Quick Time was removed. As I have a Toshiba laptop running Win XP Media Center/SP3, I won't install it again unless for some goofy reason my laptop INSISTS it is necessary. THANKS FOR YOUR HELP!!
Was this reply relevant?
+0
-0
kabo0m RE: Apple Quick Time 7.XXX Threat
Member 4th Jun, 2009 21:29
Score: 0
Posts: 23
User Since: 9th Apr 2009
System Score: N/A
Location: CA
on 2nd Jun, 2009 16:43, mgrinnan wrote:
Problem Solved
Use PSI to download the solution and update QT to v7.62.


downloading the solution will I start to get nag screens? I like the version I have as I don't get harassed telling me to upgrade to the newest version (I have had that with other versions of Apple Quick Time and so has my brothers so that was why I was sticking with this version). The odd thing is this wasn't listing as a threat til just today yet I have had this for a few weeks. Maybe I just didn't notice because I was ignoring the Winzip threat .. who knows.

But I am hesitant to update because I don't want to be harassed by pop ups telling me to get their newest version..

--
Win 7 64bit
Intel P4 2.0a
4gb Ram
ATI Radeon X800XL 256mb
http://server-admins.com
http://kidneykorner.com
Was this reply relevant?
+0
-0
This user no longer exists RE: Apple Quick Time 7.XXX Threat
Member 4th Jun, 2009 22:51
on 4th Jun, 2009 21:29, kabo0m wrote:
downloading the solution will I start to get nag screens? I like the version I have as I don't get harassed telling me to upgrade to the newest version (I have had that with other versions of Apple Quick Time and so has my brothers so that was why I was sticking with this version). The odd thing is this wasn't listing as a threat til just today yet I have had this for a few weeks. Maybe I just didn't notice because I was ignoring the Winzip threat .. who knows.

But I am hesitant to update because I don't want to be harassed by pop ups telling me to get their newest version..

Why do you bother running Secunia PSI if you are going to ignore the warnings that it gives you?

Software has updates because of security issues that need to be taken care of.

iTunes, QuickTime Get Security Fixes:
http://www.pcworld.com/article/166044/itunes_quick...

Un-install Quicktime and get QuickTime Alternative 2.9.0:
http://www.filehippo.com/download_quicktime_altern...

Do you still have the vulnerable version of WinZip on your system or are you ignoring that as well?
Was this reply relevant?
+0
-0
mgrinnan RE: Apple Quick Time 7.XXX Threat
Member 4th Jun, 2009 23:17
Score: 0
Posts: 3
User Since: 28th Apr 2009
System Score: 90%
Location: Virginia, US
on 4th Jun, 2009 21:29, kabo0m wrote:
downloading the solution will I start to get nag screens? I like the version I have as I don't get harassed telling me to upgrade to the newest version... The odd thing is this wasn't listing as a threat til just today yet I have had this for a few weeks...
But I am hesitant to update because I don't want to be harassed by pop ups telling me to get their newest version..


Going to the Quicktime control panel Update tab you can easily disable the application from looking for its updates. I'm not necessarily a fan of Apple's update either and I also disable mine. But I only do that so that I can control my update time rather than the program stepping in to install and forcing my restart at an unhandy time. Surely I concur that updates are a necessary part of security and should be handled at the earliest convenience.

Like you, my Quicktime was only recently flagged by PSI for upgrade. It's a new upgrade.
Was this reply relevant?
+0
-0
kabo0m RE: Apple Quick Time 7.XXX Threat
Member 13th Jul, 2009 16:26
Score: 0
Posts: 23
User Since: 9th Apr 2009
System Score: N/A
Location: CA
Last edited on 13th Jul, 2009 16:28
on 4th Jun, 2009 23:17, mgrinnan wrote:
Going to the Quicktime control panel Update tab you can easily disable the application from looking for its updates. I'm not necessarily a fan of Apple's update either and I also disable mine. But I only do that so that I can control my update time rather than the program stepping in to install and forcing my restart at an unhandy time. Surely I concur that updates are a necessary part of security and should be handled at the earliest convenience.

Like you, my Quicktime was only recently flagged by PSI for upgrade. It's a new upgrade.


I updated mine but didn't come back to this thread til now as I had been busy.

I like to question before blindly hitting update because of bad experiences in the past. I think it is smart to ask questions.

--
Win 7 64bit
Intel P4 2.0a
4gb Ram
ATI Radeon X800XL 256mb
http://server-admins.com
http://kidneykorner.com
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+