ALERT!
Just learned about this threat related to Quicktime on Windows computers. Passing along to our members for your protection.
Please read, pass along to your friends.
TrendMicro writes:
[O]ur Zero Day Initiative has just released two advisories ZDI-16-241 and ZDI-16-242 detailing two new, critical vulnerabilities affecting QuickTime for Windows. These advisories are being released in accordance with the Zero Day Initiative’s Disclosure Policy for when a vendor does not issue a security patch for a disclosed vulnerability. And because Apple is no longer providing security updates for QuickTime on Windows, these vulnerabilities are never going to be patched.
We’re not aware of any active attacks against these vulnerabilities currently. But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it. In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities and subject to ever increasing risk as more and more unpatched vulnerabilities are found affecting it.
TrendMicro goes on to write that both exploits are remote code execution vulnerabilities that would require an end user to actively visit a malicious webpage or open a malicious file to exploit them. US-CERT has released its own notification, calling on Windows users to uninstall the software (Mac users are not affected).
Links:
https://www.grahamcluley.com/2016/04/quicktime-windows/
http://www.extremetech.com/internet/226696-windows-pc-users-should-uninstall-quicktime-immediately
It's always something... RS
