U.S. Department of Homeland Security US-CERT   
      
   National Cyber Awareness System:   
      
   TA16-105A: Apple Ends Support for QuickTime for Windows; New Vulnerabilities   
   Announced   
   04/14/2016 03:48 PM EDT   
      
      
   Original release date: April 14, 2016   
      
   Systems Affected   
   Microsoft Windows with Apple QuickTime installed   
      
   Overview   
   According to Trend Micro, Apple will no longer be providing security updates   
   for QuickTime for Windows, leaving this software vulnerable to exploitation.   
   [1]   
      
   Description   
   All software products have a lifecycle. Apple will no longer be providing   
   security updates for QuickTime for Windows. [1]   
      
   The Zero Day Initiative has issued advisories for two vulnerabilities found in   
   QuickTime for Windows. [2] [3]   
      
   Impact   
   Computer systems running unsupported software are exposed to elevated   
   cybersecurity dangers, such as increased risks of malicious attacks or   
   electronic data loss. Exploitation of QuickTime for Windows vulnerabilities   
   could allow remote attackers to take control of affected systems.   
      
   Solution   
   Computers running QuickTime for Windows will continue to work after support   
   ends. However, using unsupported software may increase the risks from viruses   
   and other security threats. Potential negative consequences include loss of   
   confidentiality, integrity, or availability of data, as well as damage to   
   system resources or business assets. The only mitigation available is to   
   uninstall QuickTime for Windows. Users can find instructions for uninstalling   
   QuickTime for Windows on the Apple Uninstall QuickTime page. [4]   
      
   References   
   [1] Trend Micro - Urgent Call to Action: Uninstall QuickTime for Windows Today   
   [2] Zero Day Initiative Advisory ZDI 16-241: (0Day) Apple QuickTime moov Atom   
   Heap Corruption Remote Code Execution Vulnerabilit   
   [3] Zero Day Initiative Advisory ZDI 16-242: (0Day) Apple QuickTime Atom   
   Processing Heap Corruption Remote Code Execution Vulner   
   [4] Apple - Uninstall QuickTime 7 for Windows   
   Revision History   
   April 14, 2016: Initial Release   
      
   ----------------------------------------------------------------   
   -------------- -   
      
   This product is provided subject to this Notification and this Privacy & Use   
   policy.   
      
      
   ----------------------------------------------------------------   
   -------------- -   
   A copy of this publication is available at www.us-cert.gov. If you need help   
   or have questions, please send an email to info@us-cert.gov. Do not reply to   
   this message since this email was sent from a notification-only address that   
   is not monitored. To ensure you receive future US-CERT products, please add   
   US-CERT@ncas.us-cert.gov to your address book.   
   OTHER RESOURCES:   
   Contact Us | Security Publications | Alerts and Tips | Related Resources   
   STAY CONNECTED:   
   Sign up for email updates   
      
   SUBSCRIBER SERVICES:   
   Manage Preferences  |  Unsubscribe  |  Help   
      
      
   ----------------------------------------------------------------   
   -------------- -   
   This email was sent to Fido4cmech@lusfiber.net using GovDelivery, on behalf   
   of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray   
   Lane SW Bldg 410 · Washington, DC 20598 · (888) 282-0870 Powered by GovDelivery   
      
   === Cut ===   
      
      
   --   
   Keep the faith   :^)   
      
      Ben  aka cMech  Web: http|ftp|telnet://cmech.dynip.com   
                    Email: fido4cmech(at)lusfiber.net   
                 Home page: http://cmech.dynip.com/homepage/   
              WildCat! Board 24/7  +1-337-984-4794  any BAUD 8,N,1   
      
   --- GoldED+/W32-MSVC   
    * Origin: FIDONet - The Positronium Repository (1:393/68)