Apple’s QuickTime for Windows has two critical vulnerabilities that could allow an attacker to exploit your PC with relative ease. Apple knows about these flaws, but it has no intention of doing anything about them. Instead, Apple confirmed that it is no longer supporting QuickTime for Windows. That means if you have QuickTime installed you’re exposed to the two identified vulnerabilities, and any new vulnerabilities that come along, which is why you should go uninstall the software from your computer right now.
Do you have Apple QuickTime installed on your Windows PC? It’s time to remove it. There are known flaws that can be exploited relatively easily, and Apple has confirmed that it is no longer supporting the software.
The US-CERT, part of the Department of Homeland Security, recently issued a public statement urging anyone using QuickTime for Windows to uninstall the product immediately due to Apple ceasing development and therefore no longer issuing security updates. This alert stems from a recent call to action from TrendMicro, after the company’s Zero Day Initiative revealed two critical vulnerabilities: ZDI-16-241 and ZDI-16-242, affecting QuickTime for Windows.
“These two vulnerabilities are considered ‘remote code execution’ vulnerabilities, which means a miscreant could get the victim to click on a link or visit a website, and remotely hack into the computer without ever physically being in front of the computer,” warns Dodi Glenn, VP of cyber security at PC Pitstop. “While we have yet to see these vulnerabilities being used in the ‘wild’, our experience tells us that it won’t be long before they are bundled in the majority of exploit kits being sold on the underground marketplace.”
The US-CERT advisory states, “Computers running QuickTime for Windows will continue to work after support ends. However, using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows.”
Sanjay Ramnath, Senior Director of Security Product Management for Barracuda, explains, “While Apple has every right to discontinue any of its products, it should be done so in a way to limit risk to its users. Unfortunately, given how widespread the use is, pulling the plug without pre-announcement and without fixing known problems causes significant risk.”
“Unfortunately, companies discontinue products all the time. Quicktime for Windows has been around since the early 90s and I think was the first piece of Windows software released by Apple. However, since its feature set has been eclipsed by other programs over the years it sort of makes sense to discontinue it,” states Cris Thomas, Strategist for Tenable Network Security. “In fact, for most users there is no need for Quicktime at all. It is no longer required by iTunes and web video is usually served by HTML 5 these days.”
Read the full story on Forbes: Apple Abruptly Pulls Plug On QuickTime For Windows.