
Vladislav Kochelaevs - Fotolia
Apple won't patch zero days so uninstall QuickTime now
DHS says users need to uninstall QuickTime for Windows immediately as Apple quietly sends the software to its end of life following the disclosure of two zero-day flaws.
It's time to uninstall QuickTime for Windows, security experts -- including Trend Micro and the Department of Homeland Security -- say, because Apple has abruptly pulled the plug on the program after two zero day vulnerabilities were found.
Apple issued its last patch for QuickTime for Windows in January, and it seems that will be the last patch the software ever receives. Trend Micro's Zero Day Initiative (ZDI) recently disclosed two new and critical zero-day vulnerabilities in the software, ZDI-16-241 and ZDI-16-242. Both vulnerabilities were described as potentially allowing "remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime" if the target were to visit a malicious webpage.
ZDI also noted in the post that Apple said it "will no longer be issuing security updates for the product on the Windows Platform and recommend users uninstall it."
However, Apple has not officially announced an end of life (EOL) for QuickTime and the support page for the software still describes the process to uninstall QuickTime in terms of "If you no longer need QuickTime ..."
Although Apple has not released information on the subject, the Department of Homeland Security (DHS) US-CERT said that "the only mitigation available is to uninstall QuickTime for Windows."
The DHS noted in its advisory that "using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets."
Wolfgang Kandek, CTO at Qualys, noted that "while companies should not necessarily be forced to issue security patches for products that are not supported anymore, they should communicate clearly the planned EOL of products and inform customers about alternatives."
Brandon LeBlanc, senior program manager for the Windows Insider Program Team at Microsoft, tweeted:
Apple should do the right thing here for its customers and patch these security issues in QuickTime. #Lame https://t.co/sQW83CZLMp
— Brandon LeBlanc (@brandonleblanc) April 15, 2016
And security reporter Brian Krebs said plainly, "... if you have Quicktime on a Windows box -- do yourself a favor and get rid of it."
Join the conversation
7 comments
So uninstall it and then what can you do to do bulk conversion of those music and video files? So you have them backed up in iCloud, they'll only play in iTunes. Now what I want to know, is since the Quicktime Player is how I am able to play those 100+ GB of Music and Videos, is iTunes need to be removed too?
Remember the whole reason Apple made Quicktime for Windows or iTunes was to lock you into their Closed Ecosystem! ......so is Apple abandoning those same people who won't buy a Mac and this is the punishment for that??? Apple is a Rotten Evil Company, that only exists to make more money for shareholders, while never innovating or spending money on keeping customers on the cutting edge of technology. Quicktime ain't going away from Apple product users..... only Windows users who refuse to migrate to Apple Products. That should be against the law without the tools to convert our whole library over to other formats easily.
While I can play these music files in iTunes now (older itunes purchases), does this mean iTunes for Windows (which still uses Quicktime) is going away too?