Trend Micro has found two critical flaws (heap corruption remote code execution vulnerabilities) in Apple’s PC version of QuickTime that could allow hackers to take over computers. Rather than putting out a fix, Apple recently advised that it will no longer support QuickTime for Windows, and provided the following instructions for removal:
https://support.apple.com/en-us/HT205771
The U.S. Computer Readiness Team (US-CERT) has advised users to remove QuickTime for Windows from their PC’s. Users of QuickTime on Apple OS do not need to do anything.
Clients of NYU IT Desktop Services will have this taken care of for them. Department or School System Administrators will need to perform similar steps if they run Active Directory, or will need to advise clients to remove QuickTime manually. For home computers, or if you’re in a department that does not have local support, you can follow the instructions from Apple, above.
For more information on the vulnerabilities please see:
http://zerodayinitiative.com/advisories/ZDI-16-241/ & http://zerodayinitiative.com/advisories/ZDI-16-242/
For additional information, please see:
https://www.us-cert.gov/ncas/alerts/TA16-105A
http://krebsonsecurity.com/2016/04/us-cert-to-windows-users-dump-apple-quicktime/
http://blog.trendmicro.com/urgent-call-action-uninstall-quicktime-windows-today/