Okay, here’s the tl;dr version: If by any chance you’re using Apple’s QuickTime on Windows systems, you should uninstall it right away. Serious security flaws have been discovered in QuickTime’s Windows version and Apple is not in mood of fixing them.
These two vulnerabilities were found and reported to Apple by Zero Day Initiative (ZDI) back in last November. After acknowledging these flaws, Apple advised ZDI that QuickTime would be deprecated on Windows platform and removal instructions will be published for users.
According to ZDI findings, these heap corruption remote code execution vulnerabilities allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime after user’s interaction. Now that Apple has decided not to release further updates for QuickTime on Windows and not to patch these flaws, only way to stay protected is to uninstall it from your computer.
After ZDI findings, security advisories have been released by Trend Micro, followed by US-CERT (Computer Emergency Readiness Team). Oddly (and sadly) enough, Apple did not think it was necessary to warn their customers and kept things in dark.
The only mitigation available is to uninstall QuickTime for Windows
Apple has still not made any public announcement regarding these vulnerabilities or its plan to kill QuickTime on Windows. But now that we know the software is prone to serious attacks (and that Apple won’t give a damn), there’s no reason to keep the software in our system.
QuickTime on Windows? Seriously, who uses such thing?
If you think the same, then have a look at Programs and Features under Control Panel. You might find QuickTime installed on your PC. Back in days, QuickTime was a requirement for iTunes to work on Windows. While installing iTunes, QuickTime might have automatically installed without your knowledge. So better go ahead and check of you have it installed.
Does this affect iTunes too?
No, this advisory is not related to iTunes. iTunes should continue to function normally. Make sure to keep it updated though.
What about Mac users? Should they uninstall QuickTime too?
Apple is not killing QuickTime on Mac OS. It will continue to receive updates so keeping it updated should keep your Mac immune from these vulnerabilities.
What if I don’t take action?
Well, as US-CERT states: “Using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets.” So, make your choice.
Okay, How to uninstall QuickTime from Windows?
You can simply go to Control Panel > Programs and Features, find QuickTime and uninstall it. On Windows XP, you can find Add/Remove Programs under Control Panel. (PS: You should not be using Windows XP either)
Apple is yet to make any announcement from their end. We will wait till the company comes forward with something more to add. Till then, uninstalling QuickTime should keep your PC protected (from these two particular vulnerabilities).
Do you use QuickTime on Windows? What do you think about these security flaws and Apple’s End of Support for QuickTime? Feel free to add your comments.