Critical Fixes and Issues for QuickTime, iWork, Firefox
— -- Important fixes and security news on Firefox, Quicktime and Apple's iWork application bubbled up during the week. In case you missed the news among the breathless inauguration stories, or maybe tales of the giant data breach at Heartland, here's your opportunity to catch up.
QuickTime fixes:
Apple released a number of patches for QuickTime on Mac OSX, Windows Vista and XP to close security holes, some of which allow for "arbitrary code execution," which translates to "bad guys can run any program they'd like on your computer." Apple also released a critical fix for the QuickTime MPEG-2 Playback Component for Windows Vista and XP.
Get full details and links to downloads at http://support.apple.com/kb/HT3403 (for QuickTime) and http://support.apple.com/kb/HT3404 (for the MPEG-2 component).
Mac iWork Trojan:
Software pirates who downloaded hacked copies of Apple's iWork 09 productivity suite via BitTorrent got an extra surprise in the form of a hidden Trojan horse called OSX.Trojan.iServices.A. The Trojan opens a backdoor which allows for remote control of the hapless Mac.
So yes, downloading pirated software is still a huge security risk. And sadly, the carefree days of malware-free Macs are gone. Though it's rare compared to the gibbering horde of nasties that go after Windows PCs, there is now malware for the Mac.
More on this risk at http://www.intego.com/news/ism0901.asp and http://voices.washingtonpost.com/securityfix/2009/01/pirated_iwork_software_infects.html?wprss=securityfix.
No more Anti-phishing in Firefox 2:
As of Jan. 20, the Google data feed that powered the phishing protection in Firefox 2 was turned off, according to Mozilla. So the protection is dead even if it looks to be turned on in the browser. But really, why are you using Firefox 2? The so-called Awesome bar in Firefox 3 is, well, awesome. And its phishing protection continues to work.
