Highlighted
7 Gold

Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced

The following was copied/pasted from https://www.us-cert.gov/ncas/alerts/TA16-105A

According to Trend Micro, Apple will no longer be providing security updates for QuickTime for Windows, leaving this software vulnerable to exploitation.

[In particular] The Zero Day Initiative has issued advisories for two vulnerabilities found in QuickTime for Windows.

Computers running QuickTime for Windows will continue to work after support ends. However, using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows.

========================================

The following was copied/pasted from http://blog.trendmicro.com/urgent-call-action-uninstall-quicktime-windows-today/

(E)veryone should follow Apple’s guidance and uninstall QuickTime for Windows as soon as possible.

This is for two reasons.

First, Apple is deprecating QuickTime for Microsoft Windows. They will no longer be issuing security updates for the product on the Windows Platform and recommend users uninstall it. Note that this does not apply to QuickTime on Mac OSX.

Second, our Zero Day Initiative has just released two advisories ZDI-16-241 and ZDI-16-242 detailing two new, critical vulnerabilities affecting QuickTime for Windows. These advisories are being released in accordance with the Zero Day Initiative’s Disclosure Policy for when a vendor does not issue a security patch for a disclosed vulnerability. And because Apple is no longer providing security updates for QuickTime on Windows, these vulnerabilities are never going to be patched.

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 10 Pro (64-bit), Panda DOME 18.7.4, MBAM4 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
5 Replies
Highlighted
8 Krypton

RE: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced

So what player is recommended, aside from Windows Media Player?

Ron

   Forum Member since 2004
   I'm not a Dell employee

0 Kudos
Highlighted
6 Gallium

RE: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced

I've used Windows Media Player (v.12.x) as my default for many years now without any problems (on my Win7). I believe it is the same version for subsequent Windows OSs, through to Win 10. It is easily downloaded from MS:
windows.microsoft.com/.../download-windows-media-player

IIRC, Quick Time used to be required to play media downloaded from the Apple Store, but that requirement was dropped some years back. I've never missed it.

I don't know if WMP  is the "safest" player out there, but I can't recall seeing any critical or important patches for it in recent times.

[Edit]: Actually my latest Win 10 laptop defaults to a "Groove Music" media player (also from MS, and formerly was Zune Music, or xbox music) that enables syncing music across various mobile devices. I was able to open audio files with WMP 12 also. I'm not partial to listening to music on portables, but FWIW the audio quality with both players was similar via headphones.

_________________________________________


Dell Forum Member since 2,000


 Use OpenDNS   MalwareBytes' Anti-Malware Free


Windows 10 Pro (64- Bit): Malwarebytes 4.x Premium, Windows Defender AV, Windows Firewall, WinPatrol PLUS, Emsisoft Emergency Kit Free and HitmanPro Free (on-demand scanners), OpenDNS, MVPS Hosts file, SpywareBlaster, Pale Moon web browser, Sandboxie, CCleaner Free.


"In the future, everyone will be anonymous for 15 minutes" - Banksy

0 Kudos
Highlighted
7 Gold

RE: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced

I cross-posted this same information at two other forums.   One responder noted:

Sure seems odd I can find nothing on Apple's site saying anything about ending support - and contrary to that TrendMicro blog that everyone seems to be quoting, there is NOTHING in the Apple source documents that says to uninstall QuickTime... I would like to see where TrendMicro go this information because it sure does not appear to be from Apple. :(... It looks like to me TrendMicro just made this up! And sadly, US CERT and all sorts of other sites are taking it viral.

If it's all a misunderstanding (dare I say, "hoax") based on the Trend Micro article, then yes, it's certainly gone "viral":

http://www.zdnet.com/article/apple-deprecates-quicktime-for-windows-with-two-security-holes-unpatche...

https://threatpost.com/apple-deprecates-quick-time-for-windows-wont-patch-new-flaws/117427/

http://news.softpedia.com/news/apple-deprecates-quicktime-for-windows-because-fixing-security-bugs-g...

http://www.iusbpreface.com/2016/04/15/apple-deprecates-quicktime-for-windows-with-two-security-16074...

http://tribumagazine.net/2016/04/apple-deprecates-quicktime-for-windows-with-two-security/

http://nysepost.com/apple-deprecates-quicktime-for-windows-because-fixing-181599

https://apple.slashdot.org/story/16/04/15/0326219/apple-deprecating-quicktime-for-windows-micro-tren...

Now, I will grant, all these may simply be explained as one site "following the leader", all racing to "jump onto the same bandwagon".   If that's the case, and the reports are false, I apologize for posting.

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 10 Pro (64-bit), Panda DOME 18.7.4, MBAM4 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, Microsoft EDGE, Firefox, Pale Moon, uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
Highlighted
8 Krypton

RE: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced

Somebody trying to drive everybody to Windows Media Player because they've got a Zero Day exploit itching to be unleashed on the unsuspecting masses?  emoticon.Surprise.title

Ron

   Forum Member since 2004
   I'm not a Dell employee

0 Kudos
Highlighted
6 Gallium

RE: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced

Well!

A lot of FUD here.

To summarize:

1) TM (a reputable security company) issues an alert that it discovered 2 new zero day exploits of QT for Windows 4 months ago, and because Apple reportedly has indicated it will not fix them, now makes them public, and recommends uninstalling QT.

2) US-CERT (part of the Department of Homeland Security) is sufficiently impressed that it issues its own alert. One would hope that they did their homework, and was not merely parroting commercial alerts.

3) Apple remains strangely quiet on this matter, more than 24 hours after it was published.

All I can add to this is that coincidently I updated iTunes today on my Win 7, and for the first time QT was not listed as an optional update after a reboot. I also installed iTunes for the first time on my Win 10 system - once again no option to install QT. It seems that QT for Windows is no longer being pushed.

_________________________________________


Dell Forum Member since 2,000


 Use OpenDNS   MalwareBytes' Anti-Malware Free


Windows 10 Pro (64- Bit): Malwarebytes 4.x Premium, Windows Defender AV, Windows Firewall, WinPatrol PLUS, Emsisoft Emergency Kit Free and HitmanPro Free (on-demand scanners), OpenDNS, MVPS Hosts file, SpywareBlaster, Pale Moon web browser, Sandboxie, CCleaner Free.


"In the future, everyone will be anonymous for 15 minutes" - Banksy

0 Kudos