Your Computer Is Vulnerable to Hackers and Cyberattack as Apple Ends Security Support
Earlier this year, Apple advised that it would no longer support QuickTime for Windows, and the U.S. Federal Government soon followed suit.
The United States Computer Emergency Readiness Team (US-CERT) followed up by issuing an advisory that all Windows users running QuickTime should immediately uninstall the bug-ridden app, due to numerous vulnerabilities that could leave users’ systems open to attack. The advisory specifically warns that those who continue using the software are exposed to cybersecurity dangers, increased risk of data loss and malicious attacks — not to mention that the exploits could allow hackers to take remote control of weakened systems.
The advisory goes on to mention that while QuickTime for Windows will continue to work after Apple ends support, businesses should be aware of the potential negative consequences and liability, which include: loss of confidentiality, loss of data, compromised integrity, and damage to system resources and business assets.
Trend Micro’s Zero Day Initiative Discovered the Bugs and Revealed the Vulnerabilities
This isn’t a hoax or an overly zealous warning designed to frighten users; the QuickTime for Windows bugs were discovered by the reputable Zero Day Initiative (ZDI), which runs a long-established bug-bounty program under Trend Micro.
ZDI’s advisories include details on the two vulnerabilities and how they affect users:
- ZDI-16-241 — Allows remote attackers to launch arbitrary code on vulnerable installations of QuickTime when a user visits a malicious page or opens a malicious file. The exploit resides in the moov atom, which can be used by a remote attacker to execute malicious codes under the authority of the manipulated QuickTime player.
- ZDI-16-242 — This vulnerability offers attackers the same exploitative opportunities and exists within the atom processing, where a cybercriminal can write data outside the buffer by offering an invalid index for access.
Since Apple will no longer be providing security updates for QuickTime for Windows, the vulnerabilities outlined will never be patched, and with the recent press surrounding the whole debacle, even a beginner hacker will have enough information to exploit your system if you are still careless enough to be running QuickTime software.
The only solution to all of this potential carnage is to completely uninstall the software from your system. We tell you how to get rid of it in a quick tutorial below.
Why You Should Get Rid of QuickTime for Windows
Yes, this warning came out a while ago. The problem is, many users haven’t done anything about it. This is serious stuff, and if you weren’t paying attention earlier this year, you should do so now and remove QuickTime from your system immediately. Here’s how:
1. Click your “Start” button.
2. Click on the Control Panel option. If you’re running a more recent version of Windows, enter “Add or Remove Programs” in the search prompt and click “enter.”
3. Select “Uninstall a Program.”
4. Select “QuickTime.”
5. Click on “Uninstall.”
Multiple Windows Security Vulnerabilities Announced Last Week
In addition to the QuickTime for Windows advisory, Windows has recently released a string of new updates for everything from Internet Explorer to Microsoft Office. According to US-CERT, Microsoft released 11 updates to deal with multiple issues in its software, and hackers wishing to exploit the vulnerabilities could obtain remote access to an infected system.
Check out those newest advisories here, and make sure you address the issues or contact your IT professional for advice as to whether your system is safe.
Compunet InfoTech is your local cybersecurity expert, keeping your business’s IT systems safe from current vulnerabilities, exploits and other serious threats. Contact us at (604) 986-8170 or send us an email at info@compunet.ca for more information.