===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.0965
 Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced
                               15 April 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           QuickTime for Windows
Publisher:         US-CERT
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Reduced Security                -- Unknown/Unspecified
Resolution:        None

Original Bulletin:
   https://www.us-cert.gov/ncas/alerts/TA16-105A
   http://zerodayinitiative.com/advisories/ZDI-16-241/
   http://zerodayinitiative.com/advisories/ZDI-16-242/

--------------------------BEGIN INCLUDED TEXT--------------------

Alert (TA16-105A)

Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced

Original release date: April 14, 2016

Systems Affected

   Microsoft Windows with Apple QuickTime installed

Overview

   According to Trend Micro, Apple will no longer be providing security
   updates for QuickTime for Windows, leaving this software vulnerable to
   exploitation. [1]

Description

   All software products have a lifecycle. Apple will no longer be providing
   security updates for QuickTime for Windows. [1]

   The Zero Day Initiative has issued advisories for two vulnerabilities
   found in QuickTime for Windows. [2] [3]

Impact

   Computer systems running unsupported software are exposed to elevated
   cybersecurity dangers, such as increased risks of malicious attacks or
   electronic data loss. Exploitation of QuickTime for Windows
   vulnerabilities could allow remote attackers to take control of affected
   systems.

Solution

   Computers running QuickTime for Windows will continue to work after
   support ends. However, using unsupported software may increase the risks
   from viruses and other security threats. Potential negative consequences
   include loss of confidentiality, integrity, or availability of data, as
   well as damage to system resources or business assets. The only
   mitigation available is to uninstall QuickTime for Windows. Users can
   find instructions for uninstalling QuickTime for Windows on the Apple
   Uninstall QuickTime page. [4]

References

   [1] Trend Micro - Urgent Call to Action: Uninstall QuickTime for Windows Today
   [2] Zero Day Initiative Advisory ZDI 16-241: (0Day) Apple QuickTime moov Atom Heap Corruption Remote Code Execution Vulnerabilit
   [3] Zero Day Initiative Advisory ZDI 16-242: (0Day) Apple QuickTime Atom Processing Heap Corruption Remote Code Execution Vulner
   [4] Apple - Uninstall QuickTime 7 for Windows

Revisions

   April 14, 2016: Initial Release

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================