Since Apple officially pulled support for Windows QuickTime earlier this year, two major vulnerabilities have been discovered that significantly compromise the security of any Windows machine that currently uses QuickTime player. While the discovery of such vulnerabilities is not uncommon in the IT industry, in most cases the publishing company will quickly release updates to fix these problems. However, for discontinued products such as this, there is not going to be a solution.
Rather than waiting for these exploits to become more widely used, we are asking that all CNC clients remove QuickTime player from their Windows machines. Since we expect QuickTime compatibility to quickly wain as a result of these developments, we also suggest converting your existing .MOV videos into alternate formats such as .WMV or .MP4 as soon as reasonably possible.
Does this affect you?
If you have QuickTime on your Windows computer, it affects you. There are also many common places that your company may be using .MOV videos right now that could be effected by this issue:
- Videos on your website will no longer play in browsers.
- Training, Demo, and Product videos may no longer work after you remove the player, or may be playable by perspective clients.
- Personal videos saved at home may also become unplayable after removing the player.
If you believe this issue might affect you or your business, Let us Know.
*For technical details on these vulnerabilities see ZDI-16-241 and ZDI-16-242.