According to Trend Micro, two new vulnerabilities have been found in QuickTime. The advisories, released earlier this week, are ZDI-16-241 and ZDI-16-242.
Once upon a time, these vulnerabilities would have been patched by a security update. But Apple has announced that it will no longer provide security updates for the program, leaving those who continue to use it wide open.
No Current QuickTime Attacks
Don’t panic too much: Trend Micro hasn’t uncovered any ongoing assaults.
“We’re not aware of any active attacks against these vulnerabilities currently,” they specified in their blog post published yesterday.
“But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it.”
Both vulnerabilities are heap corruption issues that can lead to remote code execution. One allows attackers to write code outside of allocated heap buffers. The other lets an attacker do the same by providing an invalid index.
Both could lead to user redirects that expose the unsuspecting victim to malicious files or webpages.
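Since uninstalling is the only protection Trend Micro names, the first job for an administrator is finding where QuickTime is still installed. The PowerShell below is an added example, not from Trend Micro or Apple; the function name and the assumption that the installer registers a DisplayName containing "QuickTime" are mine.

```powershell
# Added example: inventory QuickTime for Windows from the uninstall registry keys.
# Assumption: the product registers a DisplayName containing "QuickTime".
# Scope: machine-wide installs only (HKLM), both 64-bit and 32-bit registry views.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-QuickTimeInstall {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    # Runs on the target host: list uninstall entries and keep QuickTime ones.
    $scan = {
        param($roots)
        Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like '*QuickTime*' } |
            Select-Object DisplayName, DisplayVersion, Publisher, UninstallString
    }

    foreach ($computer in $ComputerName) {
        if ($computer -eq $env:COMPUTERNAME) {
            $hits = & $scan $uninstallRoots
        } else {
            # Remote hosts need PowerShell remoting (WinRM) enabled.
            $hits = Invoke-Command -ComputerName $computer -ScriptBlock $scan `
                -ArgumentList (,$uninstallRoots)
        }
        foreach ($hit in $hits) {
            [pscustomobject]@{
                Computer        = $computer
                DisplayName     = $hit.DisplayName
                Version         = $hit.DisplayVersion
                Publisher       = $hit.Publisher
                UninstallString = $hit.UninstallString
            }
        }
    }
}

# Local machine by default; pass -ComputerName for a list of hosts.
Get-QuickTimeInstall | Format-Table -AutoSize
```

An empty result means no matching uninstall entry was found on that host; the UninstallString column shows the command each entry registers for removal.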
No Surprise To QuickTime Fans
This probably isn’t coming as a huge shock to fans of QuickTime. Over the last couple of months it has become clear that Apple is moving away from the program.
Recently, the browser plugin that allowed websites to stream media through the program was removed from the market. Not to mention, Apple never bothered to develop any support for Windows 10, reducing cross-platform compatibility (though users got around this issue).
There have been no security updates since January. Now it looks like there won’t be any going forward, which is a shame. QuickTime was a decent tool for creatives who rely on Apple products.