412-385-5000

Apple Ends Support for QuickTime for Windows – New Vulnerabilities Announced

The US government and TrendMicro both recommend that all Windows users uninstall QuickTime immediately to prevent compromised systems.  Quicktime now has critical vulnerabilities that Apple will not fix.  Apple has made the decision to end support for Quicktime on Windows.

To quote TrendMicro:

[O]ur Zero Day Initiative has just released two advisories ZDI-16-241 and ZDI-16-242 detailing two new, critical vulnerabilities affecting QuickTime for Windows. These advisories are being released in accordance with the Zero Day Initiative’s Disclosure Policy for when a vendor does not issue a security patch for a disclosed vulnerability. And because Apple is no longer providing security updates for QuickTime on Windows, these vulnerabilities are never going to be patched.

We’re not aware of any active attacks against these vulnerabilities currently. But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it. In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities and subject to ever increasing risk as more and more unpatched vulnerabilities are found affecting it.

What do we do now?

Unfortunately Apple has not been doing much to address the issue.  They are still continuing to push bundled QuickTime installs with iTunes for Windows machines.  Many users still rely on QuickTime to perform job-related functions.  So this puts many people in a challenging position.  Our recommendations – if you don’t need QuickTime, uninstall it.  If you do need it, double check the files you are working with before opening them.

For more information from US-CERT.gov on the official Alert, see this link:

https://www.us-cert.gov/ncas/alerts/TA16-105A

Contact Advanticom for help with this and other network security related issues.

412-385-5000