We’re never going to be able to plug up every hole in every bit of software, but Apple’s solution to a new set of flaws Trend Micro has discovered is pretty simple: withdraw the app altogether.
If you’re using QuickTime for Windows at the moment for anything — movies, media playback, looking at old videos shot on an iPhone — here’s a suggestion: don’t.
In fact, a better suggestion this week would be to uninstall Apple’s QuickTime, as security group Trend Micro has this week picked up on a couple of security issues which could make it possible for an attacker to execute code on a “vulnerable installation of Apple QuickTime”, which according to Trend is pretty much any installation of Apple’s media player.
Not helping this is the fact that Apple is withdrawing the app and no longer patching it altogether on Windows, meaning the vulnerability is present on every copy of Windows where QuickTime is installed and outside of uninstalling QuickTime, there’s not much you can do.
“QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities and is therefore subject to ever increasing risk as more and more unpatched vulnerabilities are found affecting it,” said Christopher Budd, Global Threat Communications Manager at Trend Micro.
“Ultimately the right answer is to follow Apple’s guidance and uninstall QuickTime for Windows,” he said.
Despite the suggestion of uninstalling it, Trend hasn’t yet seen any attacks designed to exploit either of the two vulnerabilities, but has suggested that since the program is being removed, that is a distinct possibility.
“Given that the program will not receive any patches, there is a possibility that cybercriminals and attackers will use it in the future,” said Tim Falinski, Consumer Director of Trend Micro in Australia and New Zealand.