Researchers from Trend Micro have discovered two heap-corruption-based remote code execution vulnerabilities (ZDI-16-241 and ZDI-16-242) in QuickTime for Windows. Both allow a remote attacker to execute arbitrary code and hijack the victim's computer by luring the user into visiting a malicious page or opening a malicious file.
Instead of fixing the vulnerability, Apple decided to “deprecate support” for the application and urged users to remove the application for their safety.
“We’re not aware of any active attacks against these vulnerabilities currently. But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it. In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities, and subject to ever-increasing risk as more and more unpatched vulnerabilities are found affecting it.”
Christopher Budd, global threat communications manager at Trend Micro.
Both weaknesses were reported to and acknowledged by Apple back in November 2015.
Dear readers, we would like to ask you to fully uninstall this software and replace it with other software for your own safety. We recommend the following method:
- Uninstall QuickTime from Programs & Features
- Go to the folder c:\windows\system32 and delete the files QuickTime.qts and QuicktimeVR.qtx
- Go to the folder c:\windows and delete the files QTFont.for and QTFont.qfn
- Delete the folder c:\program files\quicktime
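To confirm that nothing from the steps above was left behind, the PowerShell script below (an added example, not part of the original article) reports any of the listed files or folders that still exist and deletes them only when run with the hypothetical `-Remove` switch. The SysWOW64 and Program Files (x86) locations are an assumption for 64-bit Windows, not paths named in the article.

```powershell
# Added example, not from the original article: audits (and optionally removes)
# the QuickTime leftovers named in the manual steps.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # hypothetical switch: without it the script only reports
)

$win = $env:SystemRoot
# Paths from the article, expressed relative to the Windows directory.
$targets = @(
    "$win\System32\QuickTime.qts",
    "$win\System32\QuicktimeVR.qtx",
    "$win\QTFont.for",
    "$win\QTFont.qfn",
    "$env:ProgramFiles\QuickTime"
)
# Assumption: on 64-bit Windows a 32-bit install may use these equivalents.
if (${env:ProgramFiles(x86)}) {
    $targets += "$win\SysWOW64\QuickTime.qts",
                "$win\SysWOW64\QuicktimeVR.qtx",
                "${env:ProgramFiles(x86)}\QuickTime"
}

# Step 1 check: is QuickTime still registered under Programs & Features?
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*QuickTime*' }
if ($installed) {
    Write-Warning 'QuickTime is still installed; uninstall it from Programs & Features first.'
    $installed | Select-Object DisplayName, DisplayVersion
    return
}

$leftovers = $targets | Where-Object { Test-Path -LiteralPath $_ }
if (-not $leftovers) {
    Write-Output 'No QuickTime leftovers found.'
    return
}
foreach ($path in $leftovers) {
    Write-Output "Leftover: $path"
    # Deletes only with -Remove; honors -WhatIf / -Confirm.
    if ($Remove -and $PSCmdlet.ShouldProcess($path, 'Delete')) {
        Remove-Item -LiteralPath $path -Recurse -Force
    }
}
```

Run it from an elevated PowerShell session, since the files live under the Windows directory; combine `-Remove` with `-WhatIf` to preview the deletions first.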
You can also use a registry script from CodecGuide to “delete all registry keys belonging to QuickTime”. (We have not tested this method yet.)
remove_quicktime_registry_stuff.reg (zipped)