Why is the Department of Homeland Security urging Windows users to uninstall QuickTime?

Apple announced last November that it would stop issuing security updates for the Windows version of the popular video program. The call for Windows users to uninstall it comes from concern that the lack of security updates will leave vulnerabilities open for hackers to exploit. Since no further security patches will be distributed, the only option is to remove the program.

ZDI published Apple’s first announcement that it would discontinue support for Windows versions of the software, and critical security vulnerabilities were reported soon after that on November 11, 2015.

An Apple spokesperson said, “First, Apple will be deprecating QuickTime for Windows, and will no longer issue updates for the Windows version. We recommend that users uninstall it. Keep in mind this does not apply to our QuickTime for Mac OSX. Also, our Zero-Day Initiative has released two warnings, ZDI-16-241 and ZDI-16-242, detailing two recent and critical security weaknesses in QuickTime for Windows.”

Both vulnerabilities are heap corruption flaws that could give a remote attacker an easy point of entry for code execution. The most likely attack path is a malicious file that reaches the victim’s machine after the victim visits a malicious website.

The spokesperson went on to say, “These vulnerabilities are heap corruptions of the remote code execution type. One occurs when an attacker writes data outside an allocated buffer. The other occurs in the stco atom by providing a bad index allowing an attacker to write data from outside a sanctioned heap buffer. Both vulnerabilities will require users to visit malicious web pages or to open malicious files which will exploit the vulnerabilities. And both of these vulnerabilities will execute code inside the security context of the Windows QuickTime player.”
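The "bad index" failure mode described in the quote is, in general terms, a missing bounds check on a table whose size comes from file data. As an added illustration (not QuickTime's code and not part of the original article), the following minimal C reader for the standard `stco` (chunk offset) atom layout rejects a declared entry count that does not fit the payload and refuses out-of-range chunk numbers. The type and function names are hypothetical, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical type: chunk offset table parsed from an 'stco' atom payload. */
typedef struct { uint32_t count; uint32_t *offsets; } stco_table;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* payload = bytes after the 8-byte atom header:
   version(1) flags(3) entry_count(4), then entry_count 4-byte offsets.
   Returns 0 on success, -1 if the declared count does not fit the payload. */
int stco_parse(const uint8_t *payload, size_t len, stco_table *out) {
    out->count = 0; out->offsets = NULL;
    if (len < 8) return -1;
    uint32_t n = be32(payload + 4);
    /* Trust the buffer length, not the file's count; dividing avoids overflow. */
    if (n > (len - 8) / 4) return -1;
    if (n == 0) return 0;
    out->offsets = malloc((size_t)n * sizeof(uint32_t));
    if (!out->offsets) return -1;
    for (uint32_t i = 0; i < n; i++)
        out->offsets[i] = be32(payload + 8 + (size_t)i * 4);
    out->count = n;
    return 0;
}

/* Checked access to one entry (chunk numbers are 1-based in the file format).
   Indexing offsets[chunk - 1] without this test is the out-of-bounds access. */
uint32_t *stco_entry(stco_table *t, uint32_t chunk) {
    if (chunk == 0 || chunk > t->count) return NULL;
    return &t->offsets[chunk - 1];
}

int main(void) {
    /* Constructed payload: version/flags 0, entry_count 2, offsets 0x10, 0x100. */
    const uint8_t ok[] = {0,0,0,0, 0,0,0,2, 0,0,0,0x10, 0,0,1,0};
    stco_table t;
    if (stco_parse(ok, sizeof ok, &t) != 0) return 1;
    printf("chunk 2 -> %u, chunk 3 -> %s\n", (unsigned)*stco_entry(&t, 2),
           stco_entry(&t, 3) ? "accepted" : "rejected");
    free(t.offsets);
    return 0;
}
```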

QuickTime will soon become unusable within Windows whether or not its users are actually being attacked by cyber hackers. Those who attempt to find solutions for the problem on the Internet will invariably encounter malicious sites and software which will use the program’s frailties to attack the user’s machine.

There really isn’t much option. Users will have to uninstall the program or face the very high risk of losing their personal information to criminals or at least suffer critical damage to their systems.

But it’s not a total loss. There is one additional benefit to uninstalling QuickTime. Doing so will also remove the legacy QuickTime version 7 plug-in. Because the legacy QuickTime plug-in predates HTML5 web security protocols, it actually represents another security flaw that can be remedied by removing it.

Apple reports that there will be no negative effects on Apple OS users. The company has disabled the plug-in for Apple browsers. But US-CERT has made a statement saying that they are not sure that Apple users are not exposed to risks from the two cited vulnerabilities.

Computers that are running the Apple software product will still work after Apple withdraws its support. But using the unsupported software increases the risk of a successful attack. Such attacks may result in compromised personal information such as social security numbers or banking information or other important assets. The only way to avoid these risks is for Windows users to remove all versions of QuickTime from their computers as soon as possible.

At the time of this report, there are no known attacks designed to exploit these vulnerabilities. This means Windows users can escape attack unharmed if they uninstall now. But there is no doubt that attacks against these weaknesses are being written at this very moment, and the only way to guard against them is by removing QuickTime.
