Warning to Window users with QuickTime installed on their computers–uninstall it, now.
Clients on our managed IT services agreements currently have this addressed. Questions? Call us immediately.
According to a statement issued by the U.S. Department of Homeland Security Computer Emergency Readiness Team: “Computers using unsupported QuickTime software may increase risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows”.
Released over 20 years ago, QuickTime is Apple software used to play audio, image and video files. Apple suddenly stopped providing security patches a few weeks ago due to Zero Day Initiative advisories issued by Trend Micro , an Internet security company that originally discovered two, critical QuickTime vulnerabilities–ZDI-16-242 and ZDI-16-241.
Trend Micro told Apple about the security holes in QuickTime, but Apple neglected to patch these vulnerabilities even though they provided an update to QuickTime in January, 2016. When Trend Micro asked Apple why they didn’t fully secure Quicktime, Apple simply stopped updating the software and have since abandoned it to the wilds. Consumers should also be aware that Oracle Java 6 and Microsoft Windows XP are no longer receiving security upgrades and are subject to remote attack from hackers.
Explanation of Quicktime’s Security Holes
ZDI-16-242 and ZDI-16-241 allow hackers to execute random code in QuickTime software. Users must open malicious files or visit malicious pages for exploitation of vulnerabilities to occur. Since the flaw was found in QuickTime’s moov atom, attackers need to specify invalid values for specific fields existing in the moov atom. Once inside, attackers insert data outside an allocated heap buffer, which they use to leverage execution of arbitrary code within the QuickTime player.
Windows users keeping QuickTime installed on their computers could potentially suffer negative consequences, such as loss of data availability, loss of confidentiality and extensive damage to business assets and system resources. Attackers taking advantage of QuickTime’s security holes are typically identity thieves or hackers searching for bank account numbers, passwords and data that allows them access to funds.
This warning does not apply to Mac users, since Apple continues to provide security updates for QuickTime Player 10 installed on Mac computers.
Although QuickTime will continue to operate normally, it is strongly recommended users uninstall QuickTime if they are using Windows. Instructions for uninstalling Apple QuickTime for Windows can be found here: https://support.apple.com/HT205771
Problems for Creative Cloud Users
Adobe recently issued a statement warning Creative Cloud users may experience disruption of their service due to “several codecs remaining dependent on Quicktime installed on Windows”. According to Adobe representatives, they are currently working to correct this problem but have yet to develop initiatives capable of overruling QuickTime vulnerabilities.
Thanks for helping us upgrade our Macs and get them working exactly as our business needs! Fast, convenient and very knowledgeable! You’re the best!
Alary Technologies has been our IT support team for the past year at the START Clinic for Mood and Anxiety Disorders. They have done a excellent job in upgrading our system, organization, and supporting us in technical computer matters. Compared to other IT companies we have worked with, Alary Technologies comes on top. Ahmed Kufaishi the Managing Director at Alary Technologies is solution focused, knowledgeable and makes an effort to really understand his clients’ needs. It has been a pleasure to work with Ahmed and Alary Technologies. I would recommend their services to other companies and clinics.
“We continue to work with Alary Technologies due to the fact that they are quite educated and knowledge based with current upgrades, and their commitment to their customers.”
Ahmed has been providing our company with expert IT services for close to 3 years. He has guided us through hardware upgrades, server back up procedures and was instrumental in brokering a custom software program that fully automated some key functions in our business. Ahmed has always been thoroughly professional in all his dealings with us and has provided consistent and sound advise for all of our IT requirements. We consider Ahmed and Alary Technologies to be an important partner for our business.
It is refreshing to work with someone who can organize things and describe in plain language. I have a large and growing knowledge base for my work as an architect. I have realized that I can’t do everything, that I do need a team member who can look after this one relatively small by crucial part of my practice.