View Single Post
Old 28-04-16, 01:16   #1
jenkins4
Official Site Uploader & TECH ADVISOR
 
Join Date: Aug 2013
Location: Australia
Posts: 8,276
Thanks: 217
Thanked 2,765 Times in 2,102 Posts
jenkins4 has a reputation beyond reputejenkins4 has a reputation beyond reputejenkins4 has a reputation beyond reputejenkins4 has a reputation beyond reputejenkins4 has a reputation beyond reputejenkins4 has a reputation beyond reputejenkins4 has a reputation beyond reputejenkins4 has a reputation beyond reputejenkins4 has a reputation beyond reputejenkins4 has a reputation beyond reputejenkins4 has a reputation beyond repute

Awards Showcase
Bronze Medal Gold Medal Gold Medal Gold Medal 
Total Awards: 4

Breaking News Uninstall QuickTime for Windows - NOW!

Uninstall QuickTime for Windows - NOW!

Windows PC users who have the Apple QuickTime video player installed should uninstall it immediately to prevent its exploitation by hackers, says Apple, the U.S. Department of Homeland Security, security experts at Trend Micro, and anyone else you may ask. Here's the How and Why…

QuickTime for Windows: Unsafe

I'm not sure I would take computer security advice from the Department of Homeland Security. But there are two good reasons to uninstall QuickTime for Windows. First, Apple has ended all support for it, including security patches. (QuickTime for Apple products is still supported.) Second, Trend Micro has discovered two unpatched critical vulnerabilities in QuickTime, and Apple is apparently not going to fix them.

Trend Micro revealed the two zero-day exploits when Apple announced it isn’t going to patch them, in accordance with Trend Micro’s “Zero Day Initiatives Disclosure Policy.” Normally, security experts don’t reveal vulnerabilities publicly until the affected vendor issues a patch. But in cases where the vendor drags its feet, or flatly refuses to patch holes, disclosure enables users to be on guard, and may inspire a third-party developer to come up with a patch.

The first vulnerability, dubbed ZDI-16-241, requires user participation. A hacker must persuade a user to visit a malware-infected site or open an infected file, such as an email attachment, using QuickTime. If successful, the hacker gains the ability to execute any program he wishes on the target device.

Time to remove QuickTime for Windows

The second vulnerability, ZDI-16-242, does not require user participation, making it more dangerous than the first. By injecting a malformed index into a portion of QuickTime, the hacker forces a memory overflow that allows malware to escape the memory “sandbox” and act throughout the affected device. That action could be anything a malware program can do.

These vulnerabilities have existed since 2005, at least; that’s the last time Apple updated QuickTime for Windows. Even QuickTime for Mac hasn’t seen a major new version since 2009. Apple long ago gave up on its quest to make QuickTime's MOV format the video file standard. But some programs still use it.

Will You Miss It?

Windows 7 has supported .MOV files without needing QuickTime since 2009. QuickTime won’t be missed in most cases. A handful of obscure applications may require QuickTime in order to work properly.

Currently, only Trend Micro’s TippingPoint IPS provides protection against threats that seek to exploit these two QuickTime vulnerabilities. I expect to see similar protection added to other security apps in the very near future. (You are getting automatic updates from your internet security software, right?)

To uninstall QuickTime for Windows, click Start, open Control Panel, then click Programs and Features. Find QuickTime in the list of programs, right-click, then select Uninstall. Don't be surprised if you get a scary-looking popup asking "Do you want to allow the following program from an unknown publisher to make changes on this computer?" That's just the QuickTime uninstaller. Click Yes, and QuickTime will be removed from your computer.

Oddly, the program remains available for download from Apple's website. Apparently, Apple thinks there will remain some users who just can’t live without it, even with these critical flaws.

QuickTime joins the ranks of other orphaned or high-risk programs such as Windows XP, Java (but not Javascript), and Netscape. These neglected programs should not be used, as they become more vulnerable to hackers with each passing day.

Urgent Call to Action: Uninstall QuickTime for Windows Today
http://blog.trendmicro.com/urgent-call-action-uninstall-quicktime-windows-today/

Last edited by jenkins4; 29-04-16 at 21:23.
jenkins4 is offline   Reply With Quote