US advises deleting QuickTime from Windows computers

April 15, 2016
A cyber security team at the US Department of Homeland Security is advising people to remove QuickTime media software from Windows computers to avoid being hacked

A cyber security team at the US Department of Homeland Security is advising people to remove QuickTime media software from Windows computers to avoid being hacked.

The US Computer Security Readiness Team (CERT) on Thursday issued an alert after Trend Micro put out word that Apple will no longer be updating defenses in QuickTime and that two vulnerabilities in the program could be exploited by hackers.

"Exploitation of QuickTime for Windows vulnerabilities could allow remote attackers to take control of affected systems," CERT said in the alert.

"The only mitigation available is to uninstall QuickTime for Windows."

The advisory did not apply to QuickTime running on Apple computers.

Apple's QuickTime is one of several programs allowing computer users to view videos and other media files.

Cyber firm Trend Micro said in an online post that it was not aware of any attacks that have taken advantage of the QuickTime weaknesses, but the best defense was to follows Apple's own advice and uninstall the programs from Windows-powered machines.

Apple did not reply to an AFP request for comment.

Explore further: Critical QuickTime Update Released

Related Stories

Redirect to SMB vulnerability in Windows discovered

April 14, 2015

News stories on tech spots on Monday reported that the Irvine, California, security company Cylance's SPEAR research team discovered a vulnerability relating to all versions of Windows including the Windows 10 Preview. The ...

Recommended for you

Technology near for real-time TV political fact checks

January 18, 2019

A Duke University team expects to have a product available for election year that will allow television networks to offer real-time fact checks onscreen when a politician makes a questionable claim during a speech or debate.

Privacy becomes a selling point at tech show

January 7, 2019

Apple is not among the exhibitors at the 2019 Consumer Electronics Show, but that didn't prevent the iPhone maker from sending a message to attendees on a large billboard.

China's Huawei unveils chip for global big data market

January 7, 2019

Huawei Technologies Ltd. showed off a new processor chip for data centers and cloud computing Monday, expanding into new and growing markets despite Western warnings the company might be a security risk.


Adjust slider to filter visible comments by rank

Display comments: newest first

5 / 5 (2) Apr 15, 2016
Could this be tit for tat?
not rated yet Apr 15, 2016
Would it be good enough to just not run quicktime files? Or can quicktime f you when you're not using it?
5 / 5 (8) Apr 15, 2016
Quicktime plugins can be embedded in webpages. So it can be activated if you just visit a website (though I'm not sure if the quicktime vulnerabilty for executables is also present in the quicktime browser plugins)

In any case: Quicktime is the pits when it comes to video. Always has been last choice in that category.
4.2 / 5 (5) Apr 15, 2016
It's like adding "gravel" to the long list of things you shouldn't eat.
not rated yet Apr 16, 2016
Just as long as older games that require it are patched to some other media player.
not rated yet Apr 16, 2016
Quicktime plugins can be embedded in webpages.

What browser even understands quicktime these days? It's not in the HTML5 stardard as a supported format, or in -any- web standard for that matter, so you'd have to explicitly load a plugin to view the videos.

In other words, it's only a problem if you're running something like Internet Explorer with a Windows Media Player plugin loaded, that automatically loads the Quicktime codec when you click a link to open a file. In other words, stupid + stupid + stupid = stupid.
Apr 16, 2016
This comment has been removed by a moderator.
2 / 5 (4) Apr 18, 2016
Second time DHS has issued a software alert and both times when Microshaft needed the market advantage. Last time was with Java when a new android model was coming out that competed with Windoze, even though Sun had a patch within the day, and they still repeated it after the patch was out.

That time we found out that it was tit for tat- Microshaft hands them the encryption keys to Outlook and they issue the alert when MS wants it. Guess there were new keys for Windoze 10 and this is what they got for it.

It's like those AFOSI planted UFO stories. You always know it's AFOSI because they never happen near AF bases. Microshaft products are the most security prone on the planet...but DHS has to warn us about Apple and Sun. Right.

Isn't tomorrow "Kick the First Windoze User You See" day?

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.