A recent report from TrendMicro/ZDI stated that Apple has ceased development of Apple Quicktime, and has also revealed two critical vulnerabilities under their Zero Day Initiative. These two vulnerabilities are considered “remote code execution” vulnerabilities, which means a miscreant could get the victim to click on a link or visit a website, and can remotely hack into the computer, without ever physically being in front of the computer.
These two vulnerabilities have prompted the US-CERT, a group in the Department of Homeland Security, to issue a public statement about removing Quicktime from your computer. Some readers may remember a time when Apple iTunes required users to have Quicktime installed on their computers, however, this is no longer the case. Apple has even published a post which states, “If you no longer need QuickTime 7, here’s how to remove it from your PC.”
We recommend that you uninstall Quicktime from all of your computers, as these two vulnerabilities are likely to never be fixed.
To remove Quicktime, follow these easy instructions
- Windows Vista and Windows 7 Users: Start > Control Panel > Programs > Programs and Features, then double-click on QuickTime
- Windows 8.1 or 10 Users: Right-click Start and choose Control Panel, then follow the Windows 7 instructions above
PC Pitstop has yet to see these vulnerabilities being used in the wild, however, our experience tells us that it won’t be long before they are bundled in the majority of the exploit kits being sold on the underground marketplace.
Update: Our security team was cited regarding this issue in Forbes Magazine and ETCentric.
