The Department of Homeland Security has advised that PC owners uninstall Apple’s QuickTime for Windows, after two vulnerabilities were discovered in its code. Because Apple is no longer updating the Windows version of the software, the DHS says “the only mitigation” is to remove the software entirely, or else risk “loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets.”
The government’s advice echoes that offered by security firm Trend Micro, whose Zero Day Initiative first noted the two QuickTime for Windows vulnerabilities. The company says it’s not aware of any successful attacks that have used the security holes so far, but says that because Apple will not be issuing any patches to close them, they’ll remain inviting to malicious attacks from here on out.
The Mac version is still getting updates
The US government regularly puts out security alerts about specific software via its Computer Emergency Readiness Team (CERT), but the warnings are often more open-ended, advising people to use anti-virus software or keep on top of updates. In QuickTime’s case, Apple has been winding up its support for Windows for a long time — the video player wasn’t supported by either Windows 8 or 10, although some users hit upon a workaround. The company declined to comment to Reuters on the Windows vulnerability, although the DHS notes that the flaws aren’t found in the Mac version of the software, which continues to be updated as normal.
The Verge – All Posts