Threat Level: green Handler on Duty: Russ McRee

SANS ISC: Uninstall QuickTime For Windows Today - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Uninstall QuickTime For Windows Today

Tippingpoint's Zero Day Initiative made two vulnerabilities for Quicktime in Windows public yesterday [1][2]. The two vulnerabilities do allow remote code execution, but there is a bit of user interaction required in that the user has to visit a web page with a malicious file to get exposed to the exploit. The CVSS score for both vulnerabilities is 6.8.

Usually, I would point to a patch at this point. But Apple responded to TippingPoint stating that Quicktime For Windows is no longer a supported product, and no updates will be released to fix these two vulnerabilities.

Apple published a page with details about how to uninstall Quicktime [3]. But I can't find any other official announcement from Apple about the state of Quicktime, other then the TippingPoint vulnerability release. As part of the uninstall instructions, Apple recommends searching for "Uninstall QuickTime." Please make sure to only search locally, do not use a Bing/Google/... search as it may lead to suspect software. A quick check I just did doesn't show anything terribly suspect; there are at least a couple spammy links in Bing.

 

 

[1] http://zerodayinitiative.com/advisories/ZDI-16-241/
[2] http://zerodayinitiative.com/advisories/ZDI-16-242/
[3]https://support.apple.com/HT205771

 

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

I will be teaching next: Intrusion Detection In-Depth - SANS Boston Summer 2019

Johannes

3575 Posts
ISC Handler
Messaging on this has been horrible, but that's to be expected if the provider refuses to take ownership. Here's another reference
https://www.us-cert.gov/ncas/alerts/TA16-105A
Dean

135 Posts
Oh, it gets better: Apple Software Update is still suggesting installing QuickTime for Windows, at least as of this afternoon. It's not automatically selected or installed, but users that have any other Apple product (such as iTunes or iCloud for Windows) are periodically told "new software is available from Apple," including the vulnerable QuickTime 7.7.9. Here's a screen cap: http://www.securityforrealpeople.com/2016/04/got-quicktime-take-moment-to-unget-it.html
David Longenecker

5 Posts
Removed Quicktime from 3 systems to be prepared, clicked Apple Update and was told I need to download Apples Quicktime 7 Abandonware. Somebody can't find the seat of their pants with both hands and a flashlight.
David Longenecker
57 Posts

Sign Up for Free or Log In to start participating in the conversation!