US advises deleting QuickTime from Windows computers

April 15, 2016
A cyber security team at the US Department of Homeland Security is advising people to remove QuickTime media software from Windows computers to avoid being hacked

A cyber security team at the US Department of Homeland Security is advising people to remove QuickTime media software from Windows computers to avoid being hacked.

The US Computer Security Readiness Team (CERT) on Thursday issued an alert after Trend Micro put out word that Apple will no longer be updating defenses in QuickTime and that two vulnerabilities in the program could be exploited by hackers.

"Exploitation of QuickTime for Windows vulnerabilities could allow remote attackers to take control of affected systems," CERT said in the alert.

"The only mitigation available is to uninstall QuickTime for Windows."

The advisory did not apply to QuickTime running on Apple computers.

Apple's QuickTime is one of several programs allowing computer users to view videos and other media files.

Cyber firm Trend Micro said in an online post that it was not aware of any attacks that have taken advantage of the QuickTime weaknesses, but the best defense was to follows Apple's own advice and uninstall the programs from Windows-powered machines.

Apple did not reply to an AFP request for comment.

Explore further: Critical QuickTime Update Released

Related Stories

Redirect to SMB vulnerability in Windows discovered

April 14, 2015

News stories on tech spots on Monday reported that the Irvine, California, security company Cylance's SPEAR research team discovered a vulnerability relating to all versions of Windows including the Windows 10 Preview. The ...

Recommended for you

Coffee-based colloids for direct solar absorption

March 22, 2019

Solar energy is one of the most promising resources to help reduce fossil fuel consumption and mitigate greenhouse gas emissions to power a sustainable future. Devices presently in use to convert solar energy into thermal ...

NASA instruments image fireball over Bering Sea

March 22, 2019

On Dec. 18, 2018, a large "fireball—the term used for exceptionally bright meteors that are visible over a wide area—exploded about 16 miles (26 kilometers) above the Bering Sea. The explosion unleashed an estimated 173 ...

8 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

RichManJoe
5 / 5 (2) Apr 15, 2016
Could this be tit for tat?
loneislander
not rated yet Apr 15, 2016
Would it be good enough to just not run quicktime files? Or can quicktime f you when you're not using it?
antialias_physorg
5 / 5 (8) Apr 15, 2016
Quicktime plugins can be embedded in webpages. So it can be activated if you just visit a website (though I'm not sure if the quicktime vulnerabilty for executables is also present in the quicktime browser plugins)

In any case: Quicktime is the pits when it comes to video. Always has been last choice in that category.
TheWalrus
4.2 / 5 (5) Apr 15, 2016
It's like adding "gravel" to the long list of things you shouldn't eat.
IronhorseA
not rated yet Apr 16, 2016
Just as long as older games that require it are patched to some other media player.
Eikka
not rated yet Apr 16, 2016
Quicktime plugins can be embedded in webpages.


What browser even understands quicktime these days? It's not in the HTML5 stardard as a supported format, or in -any- web standard for that matter, so you'd have to explicitly load a plugin to view the videos.

In other words, it's only a problem if you're running something like Internet Explorer with a Windows Media Player plugin loaded, that automatically loads the Quicktime codec when you click a link to open a file. In other words, stupid + stupid + stupid = stupid.
compose
Apr 16, 2016
This comment has been removed by a moderator.
Garrote
2 / 5 (4) Apr 18, 2016
Second time DHS has issued a software alert and both times when Microshaft needed the market advantage. Last time was with Java when a new android model was coming out that competed with Windoze, even though Sun had a patch within the day, and they still repeated it after the patch was out.

That time we found out that it was tit for tat- Microshaft hands them the encryption keys to Outlook and they issue the alert when MS wants it. Guess there were new keys for Windoze 10 and this is what they got for it.

It's like those AFOSI planted UFO stories. You always know it's AFOSI because they never happen near AF bases. Microshaft products are the most security prone on the planet...but DHS has to warn us about Apple and Sun. Right.

Isn't tomorrow "Kick the First Windoze User You See" day?

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.