Homeland Security warns PC users to uninstall QuickTime after critical flaws are discovered

By midian182
Apr 15, 2016
Post New Reply
  1. If you’re a PC user who still has QuickTime installed, you should heed the advice from the Department of Homeland Security and remove it. The DHS warning comes after researchers from Trend Micro found two critical security flaws in the multimedia program.

    The security firm’s Zero Day Initiative released details of the two vulnerabilities yesterday, which could allow attackers to execute code on a target computer if a user visits a malicious website or opens a malicious file.

    Trend Micro isn’t yet aware of any attacks that have used the flaws, but as Apple is deprecating support for QuickTime on the Windows platform, there aren't going to be any patches released that close them.

    "We're not aware of any active attacks against these vulnerabilities currently," said Christopher Budd, Trend Micro's global threat communications manager. "But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it."

    "In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities, and subject to ever-increasing risk as more and more unpatched vulnerabilities are found affecting it."

    The Homeland Security warning comes via its Computer Emergency Readiness Team (CERT). "The only mitigation available is to uninstall QuickTime for Windows," the alert said. The vulnerabilities aren’t found in the Mac version of QuickTime, so iOS users don’t have to worry.

    There are still a large number of Windows users that have QuickTime installed. For those wanting to keep their PCs safe, Apple provides a guide on how to remove the program.

    Permalink to story.

    Last edited by a moderator: Apr 15, 2016
  2. Teko03

    Teko03 TS Maniac Posts: 302   +104

    I don't think any one would even have QuickTime installed if Apple didn't sneak it into the iTunes installer.
    Phr3d, trgz and LiveResistance like this.
  3. SirGCal

    SirGCal TS Maniac Posts: 365   +136

    One of the reasons I don't use iTunes either... My private and legal MP3 collection is plenty when combined with the online radio like Pandora.
  4. tonylukac

    tonylukac TS Evangelist Posts: 1,291   +55

    I think they have it wrong. Typical. The culprit is itunes, but everything apple uses that, which allows torrented stolen mp3s to load onto ipods and iphones. Never torrented one. Illegal things like torrented movies aren't playable on quicktime. It won't play 1080p, so blu ray (and downloads) won't play on it. In some cases there may be dvd versions that will play. Again vista, peddling vista, came with windows media player blu ray, not in win 7, 8, or 10, so SOMETIMES (when it's happy) windows media player will play encrypted blu ray dvds. All my u of I urbana android and stanford iphone materials and now playable only on mac.
    Last edited: Apr 15, 2016
  5. Camikazi

    Camikazi TS Maniac Posts: 795   +217

    Windows has never natively supported Blu Ray, they still don't actually, you heed a third party player or codec for them so if you are playing Blu Rays on Vista it's another program allowing it and not Media Player. Secondly, you don't know how videos work do you? Quicktime very much supports 1080p and lots of videos you download since them being illegal isn't really something you can tell by just the file. As long as the format the video is created in is supported by Quicktime (or any third party codec installed) Quicktime will play it. As for this article the problem is Quicktime and not iTunes, that is made very clear in the article.
    trgz likes this.
  6. captaincranky

    captaincranky TechSpot Addict Posts: 11,456   +1,759

    What's Quicktime?:confused:
  7. slvrwlf109

    slvrwlf109 TS Rookie

    I have been using Quick Time for almost fifteen years with no trouble at all. I do have one big question about this "warning" from in the world can those *****s have the gall to warn people about something like this when the US government can't even keep its own systems secure?
    kanehi and trgz like this.
  8. Raoul Duke

    Raoul Duke TS Guru Posts: 860   +307

    Wow, Homeland Security acting IN the public interest. Who knew?

    edit: actually I don't want to slur the many fine individuals working to maintain liberty, it's just post-Snowden you wonder who you can trust with what, or who is looking at the actions of who is looking after the public. Are all actions in the public interest? But I couldn't resist the pun, no intent to dishonour many fine individuals
    Last edited: Apr 16, 2016
  9. captaincranky

    captaincranky TechSpot Addict Posts: 11,456   +1,759

    I think what many of you missed was Apple's ignoring the issue in Windows computers. That would have been a pivotal point to rail about.

    In fact, I would have quoted it myself, save for the fact they've crippled the ability to quote out of context in the forum's software.

    It's true enough, I could have still pulled it off, but who really want's to slog through deleting a bunch of HTML coding to get to a sentence or two?

    What the hell, here it is
    Y'all can play "what punctuation mark am I thinking about", on your own.

    To their great credit though, Apple is giving instructions for removing it, like any other virus.

    To briefly step back, isn't "Quicktime", part of the crap Apple installs with iTunes, to sludge up and slow down Windows computers in the first place?
    Last edited: Apr 16, 2016
  10. Carmaine

    Carmaine TS Rookie Posts: 16

    Thank goodness Apple provided a removal guide.

    I would have never figured it out.
  11. kanehi

    kanehi TS Rookie Posts: 41   +6

    I totally agree. Why is DHS giving out the notice and not Microsoft, Apple or even Trend Micro? I wonder if government computers were compromised with the QuickTime app. Even Trend Micro states no computers have been affected yet.
  12. Camikazi

    Camikazi TS Maniac Posts: 795   +217

    Trend Micro did announce it, there is a link to the announcement in the article, and as for CERT if you look at their site they put out all types of security warnings and even updates on programs. It's nothing new for them to do, this is just a bigger one. You can find info on all types of vulnerabilities and program security updates on their sites for the bigger companies.
  13. captaincranky

    captaincranky TechSpot Addict Posts: 11,456   +1,759

    All in all, I found this thread quite refreshing.:) It gave everybody something to b***h about besides Adobe Flash for a change. (y):p
    Phr3d likes this.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...