Security Update:Apple Ends Support for QuickTime for Windows as 2 Zero Day Vulnerabilities Reported
Date and Time
Windows QuickTime Users
The US Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) reports that Apple will no longer be providing security updates for QuickTime for Windows. In addition 2 ‘zero-day’ vulnerabilities pertaining to QuickTime for Windows have been released and users will not be protected against these vulnerabilities.
Advanced Users: For details and affected software refer to:
- US-CERT’s Alert (TA16-105A) Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced - https://www.us-cert.gov/ncas/alerts/TA16-105A
- (0Day) Apple QuickTime moov Atom Heap Corruption Remote Code Execution Vulnerability - http://zerodayinitiative.com/advisories/ZDI-16-241/
- (0Day) Apple QuickTime Atom Processing Heap Corruption Remote Code Execution Vulnerability - http://zerodayinitiative.com/advisories/ZDI-16-242/
- Window users running QuickTime software
Note: This does not apply to QuickTime on Mac OSX.
WHAT'S THE PROBLEM?
- Computer systems running unsupported software are exposed to elevated cybersecurity dangers, such as increased risks of malicious attacks or electronic data loss.
- Exploitation of QuickTime for Windows vulnerabilities could allow remote attackers to take control of affected systems.
- All computers (including non-UCSF owned devices) used to store or process UCSF information or connect to the UCSF network to conduct UCSF business are required to meet UCSF Minimum Security Standards for Electronic Information Resources which includes running up-to-date software.
- Computing devices found to be non-compliant to these standards and without an exception on file are subject to being disconnected from the UCSF network and prohibited from connecting to UCSF resources.
HOW DO I PROTECT MY COMPUTER?
Update your software
- If you are supported by ITFS or have different IT support, no action on your part is required.
- If you do not have IT support or they do not support your computer, uninstall QuickTime for Windows - https://support.apple.com/en-us/HT205771.
- Trend Micro’s Urgent Call to Action: Uninstall QuickTime for Windows Today - http://blog.trendmicro.com/urgent-call-action-uninstall-quicktime-window...
- UCSF 650-16 Addendum B - UCSF Minimum Security Standards for Electronic Information Resources - https://it.ucsf.edu/policies/ucsf-650-16-addendum-b-ucsf-minimum-securit...
- IT Security – http://it.ucsf.edu/security