On Thursday, Trend Micro announced that Apple would no longer provide security updates for QuickTime on the Windows platform.
The status update from Apple comes on the same day that ZDI disclosed two vulnerabilities in the multimedia tool which, if exploited, could lead to remote code execution. The vulnerabilities are heap corruption flaws that require users to visit a malicious webpage, making them perfect for drive-by downloads or phishing.
"We’re not aware of any active attacks against these vulnerabilities currently. But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it," Trend Micro's Christopher Budd wrote on the company blog.
"In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities and subject to ever increasing risk as more and more unpatched vulnerabilities are found affecting it."
Apple has published a support note on QuickTime's removal on Windows, but it's nothing more than a directive to follow Microsoft's standard software removal instructions.
Apple says the end-of-life is due to the fact that most recent media programs no longer use QuickTime to play common formats. As for the browser add-on, Apple says that HTML5 has rendered it obsolete, adding: "Removing legacy browser plug-ins enhances the security of your PC."
Apple told Trend Micro that support for QuickTime would end back in March, but the public didn't learn about it until this week.
It's hard to imagine a need for QuickTime in most offices these days, but legacy software or applications could mean it does exist in some capacity. If so, those systems will make for an easy target if they're exposed to the public online.
Originally published on April 14, 2016, Csoonline.com