Security Alert: Uninstall QuickTime for Windows
There are two new critical vulnerabilities affecting QuickTime for Windows - and the only mitigation is to uninstall it, according to ThreatPost.
That’s because Apple is deprecating QuickTime for Microsoft Windows, meaning they’re no longer issuing security updates for it on Windows. So really, the only way to protect yourself (and your company) is by uninstalling the software.
The Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT) issued an alert Thursday urging people to take heed and uninstall QuickTime.
Using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows.
The Zero Day Initiative issued advisories for the QuickTime zero-days. One vulnerability allows remote attackers to execute arbitrary code on affected systems; the flaw exists in the moov atom (also referred to as the movie atom).
Used to prepare video files for playback, the moov atom defines the timescale, duration and display characteristics of the movie, in addition to the subatoms that contain information for each track in the movie, according to an Adobe blog on the MPEG-4 movie atom.
An attacker can exploit a flaw in the moov atom in order to execute arbitrary code under the context of the QuickTime player, according to the advisory.
Another vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime, by targeting a flaw within atom processing. A user would have to first visit a malicious page or open a malicious file for the attack to work, according to the advisory.
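To make the moov atom described above concrete, here is an added example (not from the original post, the advisories or Apple) that walks the atom tree of a QuickTime/MP4 buffer and reads the timescale and duration from the movie header (`mvhd`) inside `moov`, rejecting any atom whose declared size falls outside its container. The sample bytes are constructed for illustration, and the size checks are general parser hygiene, not a description of the specific flaws in the advisories.

```python
import struct

CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl"}  # payload is more atoms
class AtomError(ValueError): pass

def walk_atoms(buf, start=0, end=None, depth=0):
    """Yield (depth, type, payload_start, payload_end), validating each size."""
    pos, end = start, len(buf) if end is None else end
    while pos < end:
        if end - pos < 8:
            raise AtomError(f"truncated atom header at offset {pos}")
        size, kind = struct.unpack_from(">I4s", buf, pos)  # 32-bit size, 4-char type
        header = 8
        if size == 1:  # 64-bit extended size follows the type
            if end - pos < 16:
                raise AtomError(f"truncated extended size at offset {pos}")
            size, header = struct.unpack_from(">Q", buf, pos + 8)[0], 16
        elif size == 0:  # atom runs to the end of its container
            size = end - pos
        if size < header or pos + size > end:
            raise AtomError(f"{kind!r} at {pos}: size {size} outside container")
        yield depth, kind, pos + header, pos + size
        if kind in CONTAINERS:
            yield from walk_atoms(buf, pos + header, pos + size, depth + 1)
        pos += size

def movie_header(buf):
    """Return (timescale, duration, seconds) from the mvhd atom inside moov."""
    parent = None
    for depth, kind, lo, hi in walk_atoms(buf):
        if depth == 0:
            parent = kind
        elif depth == 1 and parent == b"moov" and kind == b"mvhd":
            fmt = {0: ">4x8xII", 1: ">4x16xIQ"}.get(buf[lo] if hi > lo else None)
            if fmt is None or hi - lo < struct.calcsize(fmt):
                raise AtomError("mvhd too short or unknown version")
            timescale, duration = struct.unpack_from(fmt, buf, lo)
            if timescale == 0:
                raise AtomError("mvhd timescale is zero")
            return timescale, duration, duration / timescale
    raise AtomError("no moov/mvhd atom found")

def atom(kind, payload):  # helper used only to build the constructed samples
    return struct.pack(">I4s", 8 + len(payload), kind) + payload

# Constructed samples: a 5-second movie, and one whose mvhd overstates its size.
FTYP = atom(b"ftyp", b"qt  " + bytes(4))
SAMPLE = FTYP + atom(b"moov", atom(b"mvhd", struct.pack(">4xIIII", 0, 0, 600, 3000) + bytes(80)))
BAD = FTYP + atom(b"moov", struct.pack(">I4s", 4096, b"mvhd") + bytes(20))
```

`movie_header(SAMPLE)` returns the timescale (600 units per second), the duration in those units (3000) and the resulting 5.0 seconds, while `movie_header(BAD)` raises `AtomError` instead of reading past the end of the `moov` atom.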
Need some help uninstalling it? Apple Support has provided documentation on how to remove QuickTime 7 for Windows. Basically, click the Start button > Control Panel > Programs > Programs and Features. Then select QuickTime and click Uninstall.
With no patches available or support from Apple, these types of critical zero-days can put at risk users who might not even realize they have QuickTime installed on their devices. As an administrator, you can use Duo’s Device Insights to get visibility into outdated software on your users’ devices, as well as block any such devices from accessing your work apps.
Plus, our User & Device reports also tell you when a new security event happens - such as a new version of software becoming available from a vendor - and how that changes the security of your environment.