The Zero Day Initiative has publicly disclosed a pair of serious vulnerabilities in Apple QuickTime for Windows that will not be patched because Apple is deprecating the product for the Microsoft platform.

US-CERT today pushed out an alert advising QuickTime for Windows users that the only mitigation is to uninstall the software.

“Computers running QuickTime for Windows will continue to work after support ends. However, using unsupported software may increase the risks from viruses and other security threats,” US-CERT said. “The only mitigation currently available is to uninstall QuickTime for Windows.”

Public disclosure of the two bugs hastens the urgency for users to distance themselves from QuickTime for Windows. Both vulnerabilities expose Windows machines to remote code execution.

ZDI said it disclosed the issues to Apple on Nov. 11 and after a status check in February, ZDI was invited to a briefing with Apple in March where it was notified that Apple would no longer be supporting QuickTime on the Windows platform. Apple also said it would publish directions for users wishing to uninstall the software.

Both bugs, ZDI said, allow attackers to execute code remotely, but only after the user either opens a malicious file or visits a website hosting an exploit.

One flaw exists in the moov atom, ZDI said. “By specifying an invalid value for a field within the moov atom, an attacker can write data outside of an allocated heap buffer,” ZDI said in its advisory. “An attacker could leverage this to execute arbitrary code under the context of the QuickTime player.”

The other flaw was discovered within atom processing, ZDI said. “By providing an invalid index, an attacker can write data outside of an allocated heap buffer,” the advisory said.

Apple last patched QuickTime for Windows on Jan. Nine vulnerabilities were patched in the update, which addressed a number of memory corruption issues that could lead to the application crashing and an attacker taking advantage of the situation to run arbitrary code.

Both vulnerabilities allow attackers to execute code remotely if exploited successfully by getting users to visit malicious pages or open malicious files.

Trend Micro furthermore revealed that Apple deprecated QuickTime for Windows. This means that the company won't release updates for the product anymore including security updates for it according to Trend Micro.

This may come as a surprise as the last QuickTime for Windows update dates back to January 2016. Back then, Apple released QuickTime 7.7.9 for Windows.

I could not find verification for Trend Micro's claim on Apple's website yet. The QuickTime for Windows download page is still up on the company website and while it is outdated, the last supported operating system is Windows 7, there is no indication that it is no longer maintained by the company.

If you compare that to how Safari for Windows is handled by Apple, another software the company deprecated for Microsoft's operating system, you will notice that things are different. Safari downloads for Windows are not offered anymore by Apple on its website.

Time may be a factor here though and Trend Micro may have received information directly from Apple that the company deprecated QuickTime for Windows.

Fact is, QuickTime for Windows has two vulnerabilities that are not patched right now.