Warning from U.S. Homeland Security–Uninstall QuickTime

Warning to Window users with QuickTime installed on their computers–uninstall it, now.

Clients on our managed IT services agreements currently have this addressed.  Questions?  Call us immediately.

According to a statement issued by the U.S. Department of Homeland Security Computer Emergency Readiness Team: “Computers using unsupported QuickTime software may increase risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows”.

Released over 20 years ago, QuickTime is Apple software used to play audio, image and video files. Apple suddenly stopped providing security patches a few weeks ago due to Zero Day Initiative advisories issued by Trend Micro , an Internet security company that originally discovered two, critical QuickTime vulnerabilities–ZDI-16-242 and ZDI-16-241.

Trend Micro told Apple about the security holes in QuickTime, but Apple neglected to patch these vulnerabilities even though they provided an update to QuickTime in January, 2016. When Trend Micro asked Apple why they didn’t fully secure Quicktime, Apple simply stopped updating the software and have since abandoned it to the wilds. Consumers should also be aware that Oracle Java 6 and Microsoft Windows XP are no longer receiving security upgrades and are subject to remote attack from hackers.

Explanation of Quicktime’s Security Holes

ZDI-16-242 and ZDI-16-241 allow hackers to execute random code in QuickTime software. Users must open malicious files or visit malicious pages for exploitation of vulnerabilities to occur. Since the flaw was found in QuickTime’s moov atom, attackers need to specify invalid values for specific fields existing in the moov atom. Once inside, attackers insert data outside an allocated heap buffer, which they use to leverage execution of arbitrary code within the QuickTime player.

Windows users keeping QuickTime installed on their computers could potentially suffer negative consequences, such as loss of data availability, loss of confidentiality and extensive damage to business assets and system resources. Attackers taking advantage of QuickTime’s security holes are typically identity thieves or hackers searching for bank account numbers, passwords and data that allows them access to funds.

This warning does not apply to Mac users, since Apple continues to provide security updates for QuickTime Player 10 installed on Mac computers.

Although QuickTime will continue to operate normally, it is strongly recommended users uninstall QuickTime if they are using Windows. Instructions for uninstalling Apple QuickTime for Windows can be found here: https://support.apple.com/HT205771

Problems for Creative Cloud Users

Adobe recently issued a statement warning Creative Cloud users may experience disruption of their service due to “several codecs remaining dependent on Quicktime installed on Windows”. According to Adobe representatives, they are currently working to correct this problem but have yet to develop initiatives capable of overruling QuickTime vulnerabilities.

Author: Joe Martin, Date: 2016-04-23