QuickTime Windows Still On Your PC? US-CERT And Trend Micro Say Kill It Now, Apple Ending Security Support

Does anyone actually still use QuickTime on a Windows PC? If you’re one of the few still clinging to software and using it actively, both security researchers and Department of Homeland Security's United States Computer Emergency Readiness Team (US-CERT) are imploring you to uninstall it right now.

The critical reason for uninstalling the software comes in the form of two advisories that were issued regarding critical vulnerabilities found in QuickTime for Windows. The first exploit, ZDI-16-241, allows remote attackers to execute arbitrary code after a user visits a malicious page or open a malicious file due to a flaw in the moov atom. The second exploit, ZDI-16-242, uses a similar attack vector by latching on to a vulnerability in QuickTime for Windows atom processing.

Vulnerabilities in software are nothing new, just look at the Adobe Flash. However, that brings us to the second reason for the calls to uninstall QuickTime for Windows — Apple is ending support for the software. Trend Micro first alerted Apple to the vulnerabilities on November 11th, and Apple acknowledged both on the same day. However, Trend Micro never heard back from Apple on the matter until March 8th. On March 9th, Apple informed Trend Micro that it was ending QuickTime for Windows support.

quicktime

So with critical vulnerabilities on the loose, no patch incoming and no future support in sight, US-CERT and Trend Micro had no choice but to recommend that users remove the software from their computers.

“We’re not aware of any active attacks against these vulnerabilities currently,” write’s Trend Micro’s Christopher Budd. “However, even with protections, ultimately the right answer is to follow Apple’s guidance and uninstall QuickTime for Windows. That is the only sure way to be protected against all current and future vulnerabilities in the product now that Apple is no longer providing security updates for it.”

US-CERT echoes those sentiments, writing:

Using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows.

It would have been nice for Apple to alert users of deprecated support for QuickTime on the Windows platform instead of having to hear about it from Trend Micro and US-CERT, but it’s no secret that Windows is a second-class platform to Apple. With the being said, you can visit Apple's website for instructions on how to uninstall QuickTime for Windows.


Via:  Trend Micro
Show comments blog comments powered by Disqus