Apple has withdrawn support from QuickTime Player for Windows, and will not provide any updates or security updates in future. Leaving QuickTime player a vulnerable playground for exploitation.
US Government has strongly advised it’s Citizens to immediately Uninstall Quick Time for Windows from Laptops / PC’s . The same is also recommended by antivirus firm Trend Micro. Trend Micro has in fact issued an “Urgent Call to Action” asking Windows users to get rid of this software.
Trend Micro has detected few Threats in QuickTime player :
Threat 1 : With Apple withdrawing support for QuickTime for Windows, and not providing any security updates and warning reaching to the users. This may leave Application open for risks from viruses and other security threats leading to serious consequences like loss and theft of personal data.
Threat 2 : Attackers can employ below tricks to target user machine
- When the specific flaw exists within the moov atom. By specifying an invalid value for a field within the moov atom, an attacker can write data outside of an allocated heap buffer. Having done that, the attacker can now leverage this to execute arbitrary code under the context of the QuickTime player.
- When the specific flaw exists within atom processing. By providing an invalid index, an attacker can write data outside of an allocated heap buffer. Using this the attacker can now leverage this to execute arbitrary code under the context of the QuickTime player.
How to Uninstall QuickTime Player from Windows
- Start button
- Control Panel
- Uninstall a Program
- QuickTime player will be given as ” QuickTime 7 “
- Click Uninstall
- For completing un-installation, you need to reboot the machine
Source : US – CERT