Computer security experts are warning Microsoft Windows customers to uninstall Apple QuickTime after severe vulnerabilities were discovered in the program. Similar flaws were discovered in Oracle products but have since been fixed after a huge security patch update was released recently. Industry analysts have also noted that the iPhone maker sees QuickTime for Windows as an end of life application and will no longer be issuing security updates for the media player.
QuickTime for Microsoft Windows: The End of an Era
QuickTime is a multi-media framework that was developed by Apple and allows users to view everything from videos on the internet, to personal media and a wide range of other file formats. The technology offers high quality multimedia viewing and is used extensively by Windows computer owners also running Apple applications such as iTunes.
Apple Mac users should note that the security warning does not apply to QuickTime on Mac OSX.
It would seem that this is the end of the road for QuickTime on Windows as Apple has also recommended that users uninstall the product from their Microsoft machines. The only issue is whether there are any viable alternatives out there, which will be the biggest reason to worry for iTunes users on Windows PCs. In addition, any clients using MYOB Accountright v19 or earlier are at direct risk because of the vulnerabilities, hence the uninstall advisory.
These clients would have been using the program for anything from embedding and editing images on official documents such as invoices, purchase orders and other forms used in MYOB. At the time of writing, there were no known flaws in the MYOB 2016 stream. However, as it is accounting software, the recommendation once again is for any companies using the software to find alternative programs for their book-keeping requirements as quickly as possible.
Details of the vulnerabilities found in QuickTime
The two vulnerabilities found in QuickTime for Microsoft Windows are of the highest severity, which is why industry experts have all issued strongly worded warnings regarding the removal of the software. Known as Remote Code Execution, one flaw would allow an attacker to write data outside of an allocated heap buffer. A similar vulnerability found in the stco atom would also allow an attacker to manipulate the same flaw by providing an invalid index.
When applied specifically to QuickTime, attackers could be capable of creating an infected image, video, or audio file that looks fine when viewed on other media players, but execute malicious commands in QuickTime for Windows. Both vulnerabilities would require a user to visit an infected web page or open a file that contains the malicious code. In both cases, these vulnerabilities are most likely to affect the current logged-on user.
While there are no reports of active attacks against the vulnerabilities, the best way for owners to protect their Windows system from potential attacks is by uninstalling QuickTime. This means that for Windows users, QuickTime joins what seems to be an ever growing list of software that is no longer receiving security updates including popular products such as Microsoft Windows XP and Oracle Java 6. Out of date software poses an increased risk to those who continue to use it as more and more vulnerabilities are discovered and exploited.
So it would seem that this is the end of the road for QuickTime for Microsoft Windows and no doubt millions of users who relied on the program will be affected. There are alternatives out there though and as long as they are actively update these will prove to be safer.