Windows Users Warned to Uninstall QuickTime
Apple is advising Windows users to uninstall its QuickTime multimedia player and browser plugin. The company has discontinued security updates for the Windows version of QuickTime and as a response to new security threats has advised users to remove the software. This comes as a result of TrendMicro releasing two advisories through its Zero Day Initiative program about critical vulnerabilities targeting QuickTime for Windows.
A zero day vulnerability refers to a security flaw in software that was not previously known to its creators or to the general public. Subsequently, the vulnerability can be exploited by cybercriminals to infect or infiltrate computers running the software. According to Trend Micro, “We’re not aware of any active attacks against these vulnerabilities currently. But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it.” As Apple has stopped providing security updates for QuickTime on Windows, the company’s response to the discovery of these vulnerabilities was to provide a link to their removal instructions.
Both of the reported vulnerabilities could allow an attacker to remotely execute commands on the target’s Windows computer, potentially injecting and executing malicious code to hijack and infect the target machine. As a result, the US government has warned users to uninstall QuickTime through its Computer Emergency Readiness Team (US-CERT), a part of the Department of Homeland Security. They note that "Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets." Even without known vulnerabilities, software which is no longer receiving security updates can become vulnerable to exploitation by cybercriminals.