New security flaws discovered in QuickTime for Windows, and Apple isn't going to fix them

By Dan Thorp-Lancaster
published

In a blog post today, security researchers at Trend Micro have announced the discovery of two new critical vulnerabilities in QuickTime for Windows. While Trend Micro says it is not aware of any active attempts to exploit the vulnerabilities, the firm revealed that Apple is deprecating QuickTime for Windows, indicating the two flaws will not be fixed in the future.

From Trend Micro (opens in new tab):

We're not aware of any active attacks against these vulnerabilities currently. But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it. In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities and subject to ever increasing risk as more and more unpatched vulnerabilities are found affecting it.

The U.S. government's Computer Emergency Readiness Team has also recommended that all Windows users uninstall QuickTime in response to Trend Micro's report:

Computers running QuickTime for Windows will continue to work after support ends. However, using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows.

Dan Thorp-Lancaster
Dan Thorp-Lancaster

Dan Thorp-Lancaster is the former Editor-in-Chief of Windows Central. He began working with Windows Central, Android Central, and iMore as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl

82 Comments
  • Who uses it now anyway?
  • That's correct, but for some music production apps like studio one, the movie playing within the software is running on quick time and won't play without it. ~DheeraJ~
    Lumia 640XL 10586.218
  • Vegas Pro requires QuickTime for Windows to use some video formats.
  • Same with Pro Tools.
     
  • Anyone who is a video editor and uses Adobe premier pro
  • You need the codecs but not to use the application to view the movies. There's alternatives to the stupid quicktime
  • Yeah, like ffdshow. I have not installed QT in the past decade ever since ffdshow added support for QT.
  • ^^^ This. Can you believe the storm that would happen if Microsoft tried to pull this? I think MS did try and it resulted in a mess of anti-trust lawsuits and such and rightly so back in the day. But at least MS kept their stuff basically patched (right? I might be wrong). Apple? Naw, for they get a free pass to make people use their specifications however they won't guarantee the software's safety? >:( As a video editor/producer who decided that Apple isn't for the professional video industry anymore - and their appalling FCPX debacle is Exhibit A - this is just another bit of proof. Especially since you can usually just bypass this mess by changing .mov to .mp4 and be done with it. (There are exceptions dealing with actual professional codecs like ProRes or Animation.)
  • This.
  • I'm using it right now. I render out animation previews and view them with Quicktime. This is a bummer to read.
  • Are there any alternatives?
  • Yep, QuickTime Alternative is a lite version that's get the work done Posted via the Windows Central App for Android
  • Use PotPlayer for all your media playback needs.
  • RealPlayer does the job for me Posted via the Windows Central app for Windows 10 Mobile
  • That's a name I haven't seen in YEARS
  • Haha yeah, realplayer was good 17 years ago, but then became utter bloatware and died a deserved death. I can't believe anyone uses it at all anymore
  • Someone's still a part of the Napster generation.
  • Won't affect you unless you're viewing stuff online or from 3rd parties
  • People like myself professional animators, and editors
  • Gopro needs quicktime ti run.
  • Less about who uses it and more about who has it installed.
  • Why would anyone want to, but then again if you're on a older OS I see why it's needed. I remember a**holes use to format videos only in QuickTime so you had to download that it!
  • Always hated QuickTime.. Almost as much as I hate iTunes. I don't care, when some thing "required" QuickTime, I stop using it... Apple was so busy trying to kill flash and the say the oc market is gone... Just about all their services and applications suck... Yet people want it... Damn... Posted via the Windows Central App for Android
  • This. Precisely this... To the letter!
  • What is the oc market? +950 XL DS NAM CV Windows 10 Mobile
  • The obsessive compulsive market? The over-clockers market? I dunno
  • Objective C? Posted from Windows Central for Windows 10
    Using the Alcatel OneTouch Fierce XL for Windows 10
  • Obsessive C? Posted with awesome WC app on SP2
  • Orange chuice, mang...
  • So.. when will Windows Defender uninstall Quicktime automatically because it is a threat.
  • It doesn't do that it just deletes it leaving trace in the registry
  • I hope soon
  • I never wanted to use QuickTime, but even the latest version of Adobe After Effects still requires QuickTime components... Posted via the Windows Central App for Android
  • True. I think (and hope) adobe will do something About that.
    Anyway quick time as player is awful, but it's useful for exporting stuff right away or cutting files without exporting. Are there some other software or players that do the same?
  • Hi I'm a bot Skype bot
  • Lol
  • Hi, I'm the neg bot. ;)
  • Abandoned Quicktime in the 90's, gave lots of errors back then already. Consistently removed it from all PC's friends asked me to look at
  • I hope you asked permission first lol.
  • Good job making this front page news for hackers. Some things are better left unsaid
  • I can assure you, hackers are not trolling sites like this for tips. When sites like this post the news, it is after the fact, the hackers already know it is people like you who don't and need to be informed.
  • Lol you thought hackers only exploit vulnerabilities when sites report them? Not everyone of them have usernames like xXx_h4x0r_xXx...
  • Which is better? Telling everyday users on a site like this so they can uninstall it, or leaving the news to only run on hacker-dedicated forums? Do you also wish we didn't know the NSA was illegally spying on us because now more NSA agents know about the program?
  • I'm sure if there's enough publicity they'll fix it. Or apps will have to grow a set and use another video engine to make their apps run (premiere etc).
  • and ofcourse.... wanting to do ANYTHING with video in adobe requires Quicktime to be installed.... Considering it's still used (in most multimedia production apps) apple should jump on and fix it.. And for those that think people should just dump it, easier said than done for those of us doing anything with pro level production apps... maybe this will push them all to move away from quicktime, but it'll take time.
  • It will be interesting on this one if apple do their usual dump and run.
  • I also use Premiere but it's not mandatory to have it installed. You'll just have to avoid Apple's format.
  • You could always use apps like quicktime alternative or quicktime lite if you need that support on your system
  • If only they released Quicktime X for Windows but nah!
  • Never used it,never heard of it.
  • Lol. Never heard of it?
  • Never Windows FAN... >>LUMIA 640 XL
  • you must be very young then
     
  • Like under 15!
  • Yeah, because Quick Time is giving some of us funky tingling in some extremities.. the kind of tingling we buried deeply a long time ago to avoid killing anyway.
  • Quicktime format reduces the file size while keeping the quality same in Adobe After Effects, really a must have tool for video editors and graphic designers.
  • I don't do a lot of video editing, but I found Quicktime format to have a pretty bad quality to size ratio. Now, I realize that .mov is a container file and it is dependent on the internal codec, but I always found .WMV defaults to be about half the size for the same quality as .mov when encoding. And this was before .mp4, which makes the rest moot. If you really were a _good_ video editor, you would know this.
  • Quicktime... Whooooooooo?!?! Posted from Lumia 950xl
  • QuickTime is so bad that this article crashed the WC app lol
  • Remember from my dim dark past, much like i remember my 300 baud dialup modem.
  • Just had an old version of Quicktime on my computer for GoPro editing software. My Hero 4 went Tango Uniform so don't need that software nor Quicktime. Just uninstalled both. My laptop is very happy.
  • Is this an Apple trick to try to boost their hardware sales? Posted with awesome WC app on SP2
  • Nobody is spending 2000 just because of QuickTime. Posted via the Windows Central App for Android
  • "But that's what you're supposed to think!" Kappa ----------
    I am someone, of the 2639th variety.
  • Now that apple has MS office,  this is the EFFFF You that comes back!  awesome.  Just ANOTHER reason that i think Apple is the scum of the earth! Tim Crook and company are a bunch of bottom feeding leaches.
  • Long live VLC Posted from WC for W10 running on my 930.
  • PotPlayer the best! Lumia 640 XL Dual SIM
    Build 10.0.586.218
  • Of course comparing Apple stopping support for QuickTime and Microsoft stopping support for Windows XP is just plain silly. Microsoft gave many years worth of very public warnings and supported XP with security patches for those years. Apple found out they had security holes in November, didn't fix them in their January patch and when the holes were announced on schedule by those who found them and warned Apple, they silently dropped support with no warning leaving users who still used the product vulnerable for however long it takes them to find out there is a problem.
  • But that's the way apple works. They simply don't care.
  • Yes, but I expect Windows Central not to defend Apple by equating the two as they did in this article.
  • I don't use anything apple, has QuickTime been replaced by something else?
  • "* This will never happen."
  • Seriously, who the hell uses Quicktime?  I didn't when it was relevant, it sucked... I still remember the "Why Go Pro?" prompts and it being an Apple product, worked about as well as you'd expect from the makers of Fisher Price OS
  • I never ever used quick time
  • Does QuickTime still get installed along with iTunes? It would be good if iTunes notified users to uninstall QuickTime if it's presently on the system
  • iTunes? Haha, people still use that garbage?
  • I suppose one or two use iTunes. You have noticed that there are a lot of iPhones and iPads out there, right? I expect a good  percentage of those users have Windows laptops or desktops (or Mac numbers would be a lot higher). So what management software do you suppose they installed, regardless of what you think of it.
  • I don’t know anyone who uses iPhone or iPad anymore. They either switched to Android for their phone or Windows for their tablet. For Apple device management, there are a lot of alternatives on Windows thats not bloatware garbage like iTunes.
  • The last PC I had with Quicktime installed was running Windows XP SP1.  
  • Looking for help - I typically don't use Quicktime for anything but PowerPoint presentations.  My videos (mp4) will run in Windows Media Player, but will NOT run in PowerPoint 2013, unless i have Quicktime.  Is there a setting such that I can delete Quicktime? Any help would be appreciated.  Thank you in advance - John
  • Convert the movies to mpg, or other format. edit: I tryed now to use an mp4 on PPT2013 and you don't need quicktime for that. The test was made on a Surface RT and an mp4 movie worked great on ppt - there is no quicktime on Surface RT. Even on editing, I believe you don't need quicktime to produce mp4 movies. Quicktime are associated with mov codecs.
  • Nice to see Trend Micro catch up to the truths of 1999.