Abstract: Apple® has officially ended support for QuickTime® on Microsoft Windows®. In January of 2016, Apple® released the final update of QuickTime® for Windows® and removed the QuickTime® plugin from browsers to help mitigate future vulnerabilities. In April of 2016, two new vulnerabilities were released, ZDI-16-241 and ZDI-16-242, that affect the most recent version of QuickTime® for Windows®. The vulnerabilities allow an attacker to remotely exploit a system by sending the victim a malicious .MOV file that is then viewed with QuickTime®. Because Apple® has ended support, Apple® will no longer be deploying patches or future releases on Windows® leaving the software unpatched. Windows® systems running QuickTime® are vulnerable until the software is removed. Apple and QuickTime are registered trademarks of Apple, Inc. and Microsoft and Windows are registered trademarks of Microsoft Corp.
Date Published: 09 May 2016
Last Reviewed: 09 May 2016
Creator: Vulnerability Solutions
Dissemination Control: N/A