Withdrawal of Apple QuickTime for Windows
Published Date : 19 Apr 2016
Operating System Part No
Last Updated : 28 Apr 2016 Content Ref: TEC5118060
Details on our response to the withdrawal of support for Apple QuickTime for Windows and its latest vulnerabilities.
Apple have announced they will no longer be releasing security updates for QuickTime® for Windows® and they recommend uninstalling QuickTime for Windows.
Mac OSX versions of QuickTime are still being supported by Apple.
Last week (12/04/2016) two vulnerabilities were discovered in Apple QuickTime for Windows application.
At time of writing there are no recorded active attacks using vulnerabilities. However, as neither these nor any new vulnerabilities will be patched you should be taking steps to remove QuickTime from your Windows computers.
Historically, QuickTime was a popular component of many education focused applications and as such its removal needs to be planned. Below is some advice on how to tackle this removal.
Further details of the latest vulnerabilities can be found here ZDI16241 and here ZDI16242. Procedure
There are two options you should consider:
1. Remove QuickTime for Windows
This is the best security option, having a product that has known vulnerabilities, with more being discovered, with access to the Internet is a security risk that can only be dealt with completely by removal of the risk. However, there is a risk that some older packages with multimedia in them or websites using QuickTime movies may stop working, causing an interruption to teaching and learning. If you are confident that no older packages exist or you are happy to accept the risk then removal is the best policy. If any videos have been stored in .MOV format (the QuickTime standard) then these can still be played by many modern video players such as VLC (freeware).
2. Upgrade QuickTime for Windows to 7.7.9
This addresses all bar two of the known vulnerabilities in QuickTime for Windows and removes the browser plugin, so online QuickTime content will not work but local applications dependent on QuickTime will continue to work. You will still have two vulnerabilities (at current count) but these could only be exploited within the school network you would not be vulnerable to malicious websites but could still be vulnerable to email attachments or viruses/malware brought in via USB stick for example. This should only be a temporary measure to address the problem packages on your network.
New Community Connect® 4 (CC4) networks will no longer receive QuickTime at the time of installation. More information can be found at the following:
http://blog.trendmicro.com/urgentcallactionuninstallquicktimewindowstoday/ https://www.uscert.gov/ncas/alerts/TA16105A https://support.apple.com/engb/HT205771
3/6/2017 Withdrawal of Apple QuickTime for Windows