Uninstall Apple’s QuickTime for Windows immediately, says US Government

In case you are still using Apple’s media player, QuickTime for your Windows PC then it is time to get rid of it “immediately”. Apple has ended support for QuickTime for Windows, and will no longer be providing security updates and fixes, leaving the application vulnerable to exploitation.

quicktime

The advisory for uninstalling Quick Time for Windows has come from U.S. Computer Emergency Readiness Team (US-CERT) and antivirus firm Trend Micro. Trend Micro has in fact issued an “Urgent Call to Action” asking Windows users to get rid of this software.

Users must note that above warning does not apply to QuickTime on Mac OSX. The support has ended for Windows.

Trend Micro finds critical flaws in QuickTime for Windows

Trend Micro has found two critical flaws in the PC version of Quick Time for Windows that could lead to hackers gaining control over the victim’s PC. Here are the 2 flaws in detail.

Threat# 1

With Apple withdrawing support for QuickTime for Windows, there will no security updates and warning reaching to the users. This may result in risks from viruses and other security threats leading to serious consequences including loss and theft of personal data.

Threat#2

Trend Micro describes that under this threat remote attackers are able to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability and the target must visit a malicious page or open a malicious file.

Attackers can employ below tricks to target user machine:

  • When the specific flaw exists within the moov atom. By specifying an invalid value for a field within the moov atom, an attacker can write data outside of an allocated heap buffer. Having done that, the attacker can now leverage this to execute arbitrary code under the context of the QuickTime player.
  • When the specific flaw exists within atom processing. By providing an invalid index, an attacker can write data outside of an allocated heap buffer. Using this the attacker can now leverage this to execute arbitrary code under the context of the QuickTime player.

For those who use QuickTime for Windows PC, uninstalling the program is the only solution to avoid this vulnerability.

The Trend Micro Urgent Call to Action is available here.

Posted by with Tags
Ankit Gupta is a writer by profession and has more than 7 years of global writing experience on technology and other areas. He follows technological developments and likes to write about Windows & IT security. He has a deep liking for wild life and has written a book on Top Tiger Parks of India.

4 Comments

  1. Dan

    Wonder how this will affect free versions of apps such as Lightworks and I believe HitFilm Express, which have made QuickTime on Windows mandatory for using their products re renders.

  2. Alberto Gorin

    i have something from apple wich it is
    cause some have apple and Itunes i have Itunes thats it

  3. Ed

    I really don’t know anyone including myself that even uses Quicktime for Windows anymore. Although in it’s heyday the .mov format was much superior to .mpeg and .avi , but since the outbreak of .mp3 and .mp4 which supplies just as good quality with a smaller file size I really haven’t even thought about installing Quicktime on my system in years. I would assume Quicktime can play those formats but really there are much better players for Windows. I guess if your a Mac user your kind of stuck with it, but still, .mov and Quicktime is a thing of the past, if it wasn’t for iTunes, Quicktime would have died a long time ago.

  4. dont know if it will help, try “klite codec packs”, i stopped using quicktime years ago, but the pack let me still view .mov files and even encode to other formats using programmes like handbrake . worth a try. report here so others know if it works for you.

Leave a Reply

Your email address will not be published. Required fields are marked *


9 + 5 =