QuickTime Leaves Windows Users Vulnerable As Apple Ends Support


Do you know how to uninstall programs on your Windows PC? Well, it’s time to put that skill to use: head over to the Control Panel and banish Apple’s QuickTime from your device, and in this case the sooner the better. Trend Micro disclosed two potentially serious vulnerabilities via its Zero Day Initiative and is advising all Windows users to uninstall QuickTime immediately. OS X users are not affected by these, and Apple will continue to support QuickTime on its own hardware.

QuickTime has been around for 24 years and still comes pre-installed on all Macs. It has always been available for Windows as a free install (and a Pro version), bundled with iTunes prior to version 10.5. The last version for Windows, 7.7.9, was released just three months ago and is the final update for the Windows OS, as Apple has deprecated it in favor of the newer AVFoundation framework. Trend Micro has a pretty stern warning about the newly discovered vulnerabilities.

“We’re not aware of any active attacks against these vulnerabilities currently. But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it. In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities and subject to ever increasing risk as more and more unpatched vulnerabilities are found affecting it.”

Considering that a warning has now been issued by the Department of Homeland Security, this should probably not be ignored for too long. If you’re interested in specific details about the vulnerabilities, we have provided the links below.

  1. ZDI-16-241
  2. ZDI-16-242

“One vulnerability occurs an attacker can write data outside of an allocated heap buffer. The other vulnerability occurs in the stco atom where by providing an invalid index, an attacker can write data outside of an allocated heap buffer. Both vulnerabilities would require a user to visit a malicious web page or open a malicious file to exploit them. And both vulnerabilities would execute code in the security context the QuickTime player, which in most cases would be that of the logged on user. Both vulnerabilities have a CVSS 2.0 score of 6.8.”

Why are you still reading this??? Go uninstall!
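
If you look after more than one PC, a read-only inventory check tells you which machines still have QuickTime before you open the Control Panel on each. The script below is an added example, not from Trend Micro or Apple; the function name `Get-QuickTimeInstall` is hypothetical, and it assumes the installer registers a display name beginning with "QuickTime" under the standard Windows uninstall registry keys.

```powershell
# Added example: inventory check for QuickTime for Windows (read-only, changes nothing).
# Assumption: the installer registers a DisplayName beginning with "QuickTime".
function Get-QuickTimeInstall {
    # Standard per-machine and per-user uninstall keys; WOW6432Node covers
    # 32-bit software installed on 64-bit Windows.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    foreach ($key in $uninstallKeys) {
        # A key may be absent (e.g. WOW6432Node on 32-bit Windows): skip it quietly.
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object {
                # Some uninstall entries have no DisplayName at all.
                $_.PSObject.Properties['DisplayName'] -and
                $_.DisplayName -like 'QuickTime*'
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Name            = $_.DisplayName
                    Version         = $_.DisplayVersion
                    Publisher       = $_.Publisher
                    UninstallString = $_.UninstallString
                    RegistryKey     = $_.PSPath
                }
            }
    }
}

$found = @(Get-QuickTimeInstall)
if ($found.Count -eq 0) {
    Write-Output 'QuickTime not found in the uninstall registry keys.'
    exit 0
}

# Show every matching entry, then exit non-zero so a management tool can flag the host.
$found | Format-List
Write-Warning "$($found.Count) QuickTime entry(ies) found; uninstall via Control Panel."
exit 1
```

The non-zero exit code lets a software-management or monitoring tool treat a host with QuickTime still installed as non-compliant.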

  Source: Trend Micro