• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Microsoft   »   Urgent Call to Action: Uninstall QuickTime for Windows Today

Urgent Call to Action: Uninstall QuickTime for Windows Today

  • Posted on:April 14, 2016
  • Posted in:Microsoft, Network, Security
  • Posted by:Christopher Budd (Global Threat Communications)
1

We’re putting the word out that everyone should follow Apple’s guidance and uninstall QuickTime for Windows as soon as possible.

This is for two reasons.

First, Apple is deprecating QuickTime for Microsoft Windows. They will no longer be issuing security updates for the product on the Windows Platform and recommend users uninstall it. Note that this does not apply to QuickTime on Mac OSX.

Second, our Zero Day Initiative has just released two advisories ZDI-16-241 and ZDI-16-242 detailing two new, critical vulnerabilities affecting QuickTime for Windows. These advisories are being released in accordance with the Zero Day Initiative’s Disclosure Policy for when a vendor does not issue a security patch for a disclosed vulnerability. And because Apple is no longer providing security updates for QuickTime on Windows, these vulnerabilities are never going to be patched.

We’re not aware of any active attacks against these vulnerabilities currently. But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it. In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities and subject to ever increasing risk as more and more unpatched vulnerabilities are found affecting it.

You can find information on how to uninstall Apple QuickTime for Windows from the Apple website here: https://support.apple.com/HT205771

Our TippingPoint customers have been protected against these two vulnerabilities since November 24, 2015 with filters 21918 (ZDI-CAN-3401) and 21919 (ZDI-CAN-3402). Our Deep Security and Vulnerability Protection customers are protected against these two vulnerabilities with the release of DSRU ID: 16-010 which includes the rules 1007594-Apple QuickTime ‘moov’ Atom Heap Corruption Remote Code Execution Vulnerability and 1007595-Apple QuickTime Atom Processing Heap Corruption Remote Code Execution Vulnerability.

However, even with protections, ultimately the right answer is to follow Apple’s guidance and uninstall QuickTime for Windows. That is the only sure way to be protected against all current and future vulnerabilities in the product now that Apple is no longer providing security updates for it.

For those that want more technical details here are the important points: both of these are heap corruption remote code execution vulnerabilities. One vulnerability occurs an attacker can write data outside of an allocated heap buffer. The other vulnerability occurs in the stco atom where by providing an invalid index, an attacker can write data outside of an allocated heap buffer. Both vulnerabilities would require a user to visit a malicious web page or open a malicious file to exploit them. And both vulnerabilities would execute code in the security context the QuickTime player, which in most cases would be that of the logged on user.

Both vulnerabilities have a CVSS 2.0 score of 6.8. For more details, please see:

  • http://zerodayinitiative.com/advisories/ZDI-16-241/
  • http://zerodayinitiative.com/advisories/ZDI-16-242/

For additional information, please see this advisory from US-CERT: https://www.us-cert.gov/ncas/alerts/TA16-105A

Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.

Related posts:

  1. TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 18, 2016
  2. TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 25, 2016
  3. Uninstall Apple® QuickTime to Protect Your PC From Security Vulnerabilities
  4. New Windows “zero-day” vulnerability

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Trend Micro Offerings Are FedRAMP Authorized and Available on AWS
  • Fujitsu and Trend Micro Demonstrate Solution To Secure Private 5G
  • Trend Micro Receives 5-Star Rating in 2021 CRN® Partner Program Guide
  • Smart Factory Cyber Attacks Knock Out Production for Days
  • Eliminate Hesitations: Security Simplified For Those Building In The Cloud
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.