QuickTime – US Government Tells Users to Uninstall the App

It is quite rare for the US government to issue a warning pertaining to home computer systems (at least when talking about a massive scale), but The Department of Homeland Security has just recently issued an announcement that PC owners should uninstall QuickTime from Windows systems. It is because two vulnerabilities have just been discovered in its code. The primary reason for such vulnerabilities to exist is because Apple is no longer updating the Windows version of their app. The Department of Homeland Security states “the only mitigation” is for users to uninstall the software entirely. Otherwise, they risk “loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets.”

QuickTime - US Government Tells Users to Uninstall the App

The Department of Homeland Security Issues a Warning for Windows Users to Uninstall, or Completely Remove, Apple’s QuickTime App

The advice offered by the US government echoes that of what has been offered by Trend Micro, which is a security firm. Said company, who is also known for their anti-virus programs, has first noted in their Zero Day Initiative pertaining to two QuickTime vulnerabilities for Windows systems. The security company states that they are not aware (at the time of writing) of any successful attacks wherein hackers have taken advantage of the security holes as of late. However, since Apple is not issuing any more updates or patches to resolve the issue, or any other further problems that the app might have for Windows operating systems, then they will forever remain a “welcome mat” to malicious attacks from here on out.

According to the Zero Day Initiative of Trend Micro pertaining to Apple’s QuickTime app, they dictate that “This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the moov atom. By specifying an invalid value for a field within the moov atom, an attacker can write data outside of an allocated heap buffer. An attacker could leverage this to execute arbitrary code under the context of the QuickTime player,” as what has been stated in the company’s Zero Day Initiative page.

Even though the US government is known to put out security alerts pertaining to specific software, such as QuickTime, with the use of their Computer Emergency Readiness Team (CERT), the solutions to these warnings are often open-ended such as sending out an advice to install an anti-virus program or keep on top of updates.


Product Information Only

This website and its content (including links to other websites) are presented in general form and are provided for informational purposes only.

TechnologyPep.com does not sell any products on this site and, to the maximum extent permitted by law, excludes all liability and makes no warranties or representations that the products written about on this site are fit for any particular purpose, or are suitable for any particular use or by any particular person.

TechnologyPep.com is not responsible for the practices of owners of other websites and makes no representations or warranties about the products available for sale on those other sites.

Please check product content information carefully before purchasing any product on another site via a link provided on this site or otherwise.