If your PC is running Windows and also has QuickTime for PC by Apple installed, you need to know something. On April 14, 2016, the United States Computer Emergency Readiness Team (CERT), a division of the United States Department of Homeland Security, announced that, based on a report from Trend Micro Security, owners of Windows-based PCs and laptops who have QuickTime installed on their device(s) need to uninstall the software as soon as possible.
Trend Micro Security reported that they found two security vulnerabilities in the software that were not closed following the January 2016 patch issued by Apple for QuickTime for Windows.
Simultaneously, Apple announced that it was discontinuing support for the decades-old media platform as of the middle of March. The announcement came as a surprise to Windows QuickTime users; dropping support normally happens well in advance of the end date for the software. It seems that Apple decided it is bad business to continue to support this venerable program. Consistently, this software, when run on Windows, has the dubious honor of being among the least Windows programs updated by users.
However, the Zero Day Initiative (ZDI), owned by Trend Micro, informed Apple that two zero-day vulnerabilities are embedded in QuickTime for Windows software. According to ZDI, Apple has known about the flaws since November of 2015. The company chose to do nothing, and when the three-month waiting period that ZDI allows every software manufacturer to patch security flaws expired, they announced the two flaws. Apple responded by saying they planned to “deprecate” (a fancy corporate word that means an end to the product’s support) the software and posted a note to users that if the software was not being used, it should be deleted for security reasons. They also offered instructions as to how to remove the software.
This dumping of QuickTime by Apple is important since users received no warning nor recommendation to find another media software or why it was being discontinued, though Apple had at least three months to do so. Normally, before a major software program ends, such as Windows XP in 2014, and the announcement by Java that the browser plugin will be discontinued in early 2017, security patches are released.
Not patching known security flaws in software exposes users of QuickTime for Windows to potential hacks that could allow cybercriminals to take over their computer or laptop. Once this happens, personal and confidential information, including banking and credit card information, can lead to identity theft, or the purchase of goods and services before a user is aware that his or her information is compromised.
There is only one way to fix the potential for a cyberattack. The U.S. government and Apple agree that users should remove QuickTime for Windows at once or remain at risk for a serious hack. If you run programs that need QuickTime for Windows to run properly, check with the vendor to determine which alternative media player will work or find a replacement program.
Doing nothing is not an option — delete QuickTime for Windows now!
403Tech is one of the Top 50 Managed IT services companies in Canada.