Experts: Quicktime for Windows is “bug bait”

Experts are warning that Quicktime for Windows, a popular program for creatives, could pose a serious security risk and should be removed.

According to TrendMicro, two new vulnerabilities have been found to impact Quicktime. These advisories, released earlier this week, are titled ZDI-16-241 and ZDI-16-242.

Once upon a time, these vulnerabilities would have been patched by a security update. But Apple has announced that they will no longer be providing security patch updates for the program, leaving the program wide open for those who continue to use it.

No Current Quicktime Attacks

Don’t panic too much: TrendMicro hasn’t uncovered any ongoing assaults.

“We’re not aware of any active attacks against these vulnerabilities currently,” they specified in their blog post published yesterday.

“But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it.”

Both vulnerabilities in question are heap corruption flaws that can lead to remote code execution. One allows attackers to write outside of an allocated heap buffer. The other lets attackers provide an invalid index to do the same.

Both could lead to user redirects that expose the unsuspecting victim to malicious files or webpages.

No Surprise To Quicktime Fans

This probably isn’t coming as a huge shock to fans of Quicktime. Over the last couple of months it has become clear that Apple is moving away from the program.

Recently, the browser plugin that allowed websites to stream media through the program was removed from the market. Not to mention, Apple never bothered to develop any support for Windows 10, reducing cross-platform compatibility (though users got around this issue).

There have been no security updates since January. Now it looks like there won’t be any going forward, which is a shame. Quicktime was a decent tool for creatives who rely on Apple products.

Source: TrendMicro
