
For years, Apple QuickTime has hovered between a nuisance install bundled with iTunes and a necessary application for various third-party software tools, some of which rely on QuickTime for sound or video playback. The US authorities and TrendMicro are both recommending that all Windows users uninstall QuickTime immediately thanks to critical vulnerabilities that Apple has no intention of fixing.

TrendMicro writes:

[O]ur Zero Day Initiative has just released two advisories ZDI-16-241 and ZDI-16-242 detailing two new, critical vulnerabilities affecting QuickTime for Windows. These advisories are being released in accordance with the Zero Day Initiative's Disclosure Policy for when a vendor does not issue a security patch for a disclosed vulnerability. And because Apple is no longer providing security updates for QuickTime on Windows, these vulnerabilities are never going to be patched.

We're not aware of any active attacks against these vulnerabilities currently. But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it. In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities and subject to ever increasing risk as more and more unpatched vulnerabilities are found affecting it.

TrendMicro goes on to write that both exploits are remote code execution vulnerabilities that would require an end user to actively visit a malicious webpage or open a malicious file to exploit them. US-CERT has released its own notification, calling on Windows users to uninstall the software (Mac users are not affected).

Could somebody perhaps mention this to Apple?

QuickTime is a lot like Java, in that you probably don't need to have it installed. If you do need it, however, it may prove difficult to replace, and Apple isn't currently helping matters. The company has not updated the QT landing page to inform users that the software is deprecated or no longer maintained, and the Apple Software Update tool is still pushing QuickTime to end users.


Security flaw? Pshaw.

There's also the fact that this disclosure was handled by TrendMicro, not Apple itself, and the company with the critical vulnerability really ought to be doing more to reach out to end users and inform them of problems.

Users who can't uninstall QuickTime for work-related reasons don't currently have much recourse. HP TippingPoint IPS customers are reportedly protected, but conventional antivirus software won't stop this exploit. If you have to use QuickTime, we'd recommend double-checking all QT files that you work with and being careful to avoid playing back any material you can't authenticate. With QuickTime for Windows being phased out, it's important to find alternative software solutions for the long term.