As much as we all love the digital world we currently live in, the issue of security is an annoyance we could all do without.
One of the latest security risks was announced by the Department of Homeland Security’s United States Computer Emergency Readiness Team (CERT) with an alert urging customers to uninstall QuickTime from Windows.
QuickTime is a video player that can no longer compete with all the new players in the marketplace for Windows, which explains why Apple has stopped updating it. And in the digital world, not updating one’s application means it will quickly become vulnerable to security breaches.
Why You Should Uninstall QuickTime from Windows
As first reported by Trend Micro, Apple deprecated QuickTime for Microsoft Windows, which in computer lingo means it will still be available, but will no longer be developed or supported. The report also said the Trend Micro Zero Day Initiative released advisories detailing two new serious vulnerabilities affecting QuickTime for Windows.
The two vulnerabilities are:
- ZDI-16-241 – Which allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. In order for this vulnerability to be exploited, the user has to interact by visiting a malicious page or open a malicious file. The flaw specifically resides within the moov atom, which can be leveraged by an attacker to execute the codes under the context of the QuickTime player.
- ZDI-16-242 – This vulnerability has the same flaws, but it exists within the atom processing. An attacker can write data outside of an allocated heap buffer by providing an invalid index.
Apple will no longer be providing security updates, so these vulnerabilities are never going to be patched.
According to Trend Micro, there are no active attacks against these vulnerabilities (as of April 14, 2016). But since it was made public, there are probably many exploits being introduced in the ecosystem that will eventually take advantage of these flaws.
All software products have a lifecycle. Since Apple will no longer be providing security updates for QuickTime for Windows, US-CERT said computer systems running unsupported software will be exposed to increased risks of malicious attacks or electronic data loss. According to the organization, the only mitigation available is to uninstall QuickTime for Windows.
If you have QuickTime on Windows systems, uninstall it right away. Go to the Control Panel and click on Programs. Once you are there find QuickTime and right click and uninstall. You can also visit this Apple page for information on how to uninstall the player. It is important to note, this only affects Windows, Apple still supports QuickTime on Mac OS X.