Brian Krebs April 18, 2016
Microsoft Windows users who still have Apple Quicktime installed should ditch the program now that Apple has stopped shipping security updates for it, warns theDepartment of Homeland Security‘s U.S. Computer Emergency Readiness Team(US-CERT). The advice came just as researchers are reporting two new critical security holes in Quicktime that likely won’t be patched.
US-CERT cited an April 14 blog post by Christopher Buddat Trend Micro, which runs a program called Zero Day Initiative (ZDI) that buys security vulnerabilities and helps researchers coordinate fixing the bugs with software vendors. Budd urged Windows users to junk Quicktime, citing two new, unpatched vulnerabilities that ZDI detailed which could be used to remotely compromise Windows computers.
“According to Trend Micro, Apple will no longer be providing security updates for QuickTime for Windows, leaving this software vulnerable to exploitation,” US-CERT wrote. The advisory continued:
“Computers running QuickTime for Windows will continue to work after support ends. However, using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows. Users can find instructions for uninstalling QuickTime for Windows on the Apple Uninstall QuickTime page.”
While the recommendations from US-CERT and others apparently came as a surprise to many, Apple has been distancing itself from QuickTime on Windows for some time now. In 2013, the Cupertino, Calif. tech giant deprecated all developer APIs for Quicktime on Windows.
Apple shipped an update to Quicktime in January 2016 that removed the Quicktime browser plugin on Windows systems, meaning the threat from browser-based attacks on Quicktime flaws was largely mitigated over the past few months for Windows users who have been keeping up to date with the latest version. Nevertheless, if you have Quicktime on a Windows box — do yourself a favor and get rid of it.
Tags: Apple Quicktime, Christopher Budd, Quicktime removal, trend micro, US-CERT, zdi, Zero Day Initiative
No comments:
Post a Comment