Last week (April 14), Trend Micro provided information about two serious security vulnerabilities in Apple’s QuickTime for Windows. The popular media player has been “deprecated” by Apple and is apparently no longer receiving security patches or updates. That means that the problems will likely never be patched. The two issues disclosed could allow attackers to execute code and even take over infected systems. The vector of that attack would be to run a specially created QuickTime file. That infected file could be picked up from a compromised Website, or emailed as an attachment. With that, we repeat our usual warnings to limit business Web browsing to trustworthy, business-related sites -- and to exercise great caution in opening any email attachment that isn’t expected and from a known source.
The issue with QuickTime for Windows has been picked up by US CERT (Computer Emergency Readiness Team) who posted this bulletin. US CERT, Trend Micro, many other security outlets, and we are recommending the removal of QuickTime for Windows as soon as possible. Most Apple software, including current versions of iTunes, no longer require QuickTime, and Apple’s response to this matter has, at this writing, been limited to sharing previously published (and well known) removal directions. That certainly suggests that it’s also Apple’s recommendation to uninstall it. The uninstall instructions for QuickTime can be found on Apple’s website, here -- or you may contact us with questions, or for assistance with removal.
