This post if for all PC users running QuickTime for PC by Apple. On April 14, 2016, the United States Computer Emergency Readiness Team (CERT), a division of the US Department of Homeland Security, acting on a report from Trend Micro Security, announced that owners of Windows-based PCs and laptops with QuickTime on their device need to uninstall the software as soon as they can.
The Trend Micro Security report states that they discovered two security vulnerabilities that were not closed following the January 2016 patch issued by Apple for QuickTime for Windows.
At the same time, Apple announced that they would be discontinuing support for the media platform as of March. This announcement was a surprise to QuickTime users as dropping support normally happens well in advance of the software’s end date. It seems as if Apple decided that providing support to this software was a bad business decision.
As all of this was happening, the Zero Day Initiative (ZDI), owned by Trend Micro, informed Apple that two zero-day vulnerabilities, essentially vulnerabilities unknown to the vendor, were embedded in QuickTime for Windows. According to the ZDI, Apple has known about the issues since November 2015, and chose to do nothing about it. After the ZDI announced the two vulnerabilities, Apple responded saying that they planned to “deprecate”, or end support of the software, and sent a note to users that if the software was not being used, it should be deleted for security reasons, and gave instructions on how to remove it.
Apple’s dump of QuickTime is important as users received no warning, nor recommendation to find another media software, or even a reason as to why it was being discontinued. Usually, before a major software program ends security patches are released, like in the case of Windows XP in 2014, and the Java announcement that the browser plugin will be discontinued in 2017.
Because Apple hasn’t released a patch, these know security flaws in the software expose users to potential hacks allowing cybercriminals to take control of their device. This means that personal and confidential information can be stolen before the user is even aware that their information has been compromised.
The US Government and Apple have agreed that users should remove QuickTime for windows as soon as possible or they remain at risk for serious security issues. If you run programs that need QuickTime for Windows, check with the program vendor to determine which alternate media player will work as well.
Doing nothing isn’t really an option at this point, your best course of action is to delete QuickTime for Windows immediately.