Apple kills QuickTime for Windows, two vulnerabilities announced

On Thursday, Trend Micro announced that Apple would no longer provide security updates to QuickTime on the Windows platform.

This status update via Apple comes on the same day that ZDI disclosed two vulnerabilities in the multimedia tool, which if exploited could lead to remote code execution. The vulnerabilities are heap corruption flaws that require users to visit a malicious webpage, making them perfect for drive-by-downloads or Phishing.

"We’re not aware of any active attacks against these vulnerabilities currently. But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it," Trend Micro's Christopher Budd wrote on the company blog.

"In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities and subject to ever increasing risk as more and more unpatched vulnerabilities are found affecting it."

Apple has published a support note on QuickTime's removal on Windows, but it's nothing more than a directive to follow Microsoft's standard software removal instructions.

Apple says the end-of-life is due to the fact that most recent media programs no longer use QuickTime to play common formats. Speaking to the browser add-on, Apple says that HTML 5 has rendered it obsolete, adding: "Removing legacy browser plug-ins enhances the security of your PC."

Apple told Trend Micro that support for QuickTime would end back in March, but the public didn't learn about it until this week.

It's hard to imagine a need for QuickTime in most offices these days, but legacy software or applications could mean it does exist in some capacity. If so, those systems will make for an easy target if they're exposed to the public online.

Originally published on April 14, 2016,

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags threatsApplesoftwareWindowsremovaltrend microquicktimeransomwarecertPC securityvunerablities

More about AppleMicrosoftOracleTrend Micro

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Steve Ragan

Latest Videos

More videos

Blog Posts