Apple Denounces Use of Quicktime for Microsoft’s Operating System Windows by Not Patching Bugs

An initiative involving zero-day exploits recently revealed twin severe security flaws within Apple QuickTime working with Microsoft's Windows OS which won't be patched since criticism of the product by Apple has been levied for Windows. US-CERT advises Windows users working with QuickTime towards uninstalling the program as the sole solution.

As per another report that appeared from The Register, during March, Apple notified security company Trend Micro how the former would condemn use of QuickTime on Windows leading to the vendor then publishing directions for removal of the software. Trend Micro informed Apple about the vulnerabilities in November 2015.

The vulnerabilities are exploitable leading to compromise of victim's computer followed with planting malware onto it. All it requires is tricking the infected user into viewing one malware-ridden web-download/file. In response Apple advised removing QuickTime from computers running Windows. Theregister.com posted this, April 14, 2016.

Earlier during 2016, the web plug-in of Apple supporting QuickTime software for Windows got automatically disabled, with the firm since then never really making the application up-to-date for use on Windows 10 or 8. Therefore, the latest disclosure isn't too surprising. Incidentally, QuickTime and iTunes had been disassociated a year-or-two back while iTunes mayn't need running correctly anymore.

Both flaws leverage heap overflows which may get started if a victim accesses one malevolent website alternatively views certain infected file. These flaws are normally exploited for code execution onto the target PC, with attackers ultimately injecting malware else garnering sensitive data.

Apple justified its stand via stating there was no longer any requirement of QuickTime for computers running Microsoft's Windows as an essential to operate iTunes, as also that today's HTML5 playback through HTML5 works quite sufficiently as against browser plug-in of QuickTime.

Apple further recommends that users mustn't even leave QuickTime idle on their PCs as some crook may utilize it like an attack medium.

It was January 7 when Apple last issued a patch for QuickTime, version 7.7.9. The update contained patches for 9 vulnerabilities, including several memory corruption problems which were capable of resulting in collapse of the app with the attacker subsequently executing arbitrary code successfully.

» SPAMfighter News - 4/22/2016