Apple kills QuickTime for Windows, two vulnerabilities announced

CERT advisory urges QuickTime removal due to vulnerabilities, Apple does too

quicktime windows

On Thursday, Trend Micro announced that Apple would no longer provide security updates to QuickTime on the Windows platform.

This status update via Apple comes on the same day that ZDI disclosed two vulnerabilities in the multimedia tool, which if exploited could lead to remote code execution. The vulnerabilities are heap corruption flaws that require users to visit a malicious webpage, making them perfect for drive-by-downloads or Phishing.

"We’re not aware of any active attacks against these vulnerabilities currently. But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it," Trend Micro's Christopher Budd wrote on the company blog.

"In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities and subject to ever increasing risk as more and more unpatched vulnerabilities are found affecting it."

Apple has published a support note on QuickTime's removal on Windows, but it's nothing more than a directive to follow Microsoft's standard software removal instructions.

Apple says the end-of-life is due to the fact that most recent media programs no longer use QuickTime to play common formats. Speaking to the browser add-on, Apple says that HTML 5 has rendered it obsolete, adding: "Removing legacy browser plug-ins enhances the security of your PC."

Apple told Trend Micro that support for QuickTime would end back in March, but the public didn't learn about it until this week.

It's hard to imagine a need for QuickTime in most offices these days, but legacy software or applications could mean it does exist in some capacity. If so, those systems will make for an easy target if they're exposed to the public online.

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.