
SANS ISC: Uninstall QuickTime For Windows Today - SANS Internet Storm Center SANS ISC InfoSec Forums

Uninstall QuickTime For Windows Today

TippingPoint's Zero Day Initiative made two vulnerabilities in QuickTime for Windows public yesterday [1][2]. Both vulnerabilities allow remote code execution, but some user interaction is required: the user has to visit a web page with a malicious file to be exposed to the exploit. The CVSS score for both vulnerabilities is 6.8.

Usually, I would point to a patch at this point. But Apple responded to TippingPoint stating that QuickTime for Windows is no longer a supported product, and no updates will be released to fix these two vulnerabilities.

Apple published a page with details about how to uninstall QuickTime [3]. But I can't find any other official announcement from Apple about the state of QuickTime, other than the TippingPoint vulnerability release. As part of the uninstall instructions, Apple recommends searching for "Uninstall QuickTime." Please make sure to only search locally; do not use a Bing/Google/... search, as it may lead to suspect software. A quick check I just did doesn't show anything terribly suspect; there are at least a couple of spammy links in Bing.





Johannes B. Ullrich, Ph.D.



4511 Posts
ISC Handler
Apr 15th 2016
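A local inventory check for the uninstall step described in the diary, added here as an example; it is not from the diary, Apple, or TippingPoint. It reads the standard Windows uninstall registry keys and reports any QuickTime or Apple Software Update entry along with the uninstall command the installer registered, so no web search is needed. The display-name patterns and the function name `Get-AppleLegacySoftware` are assumptions.

```powershell
# Added example: read-only inventory, nothing is removed.
# Assumption: the products register a DisplayName starting with
# "QuickTime" or "Apple Software Update".
function Get-AppleLegacySoftware {
    [CmdletBinding()]
    param(
        [string[]]$NamePattern = @('QuickTime*', 'Apple Software Update*')
    )

    # Check the native view and the 32-bit view; 32-bit installers
    # register under WOW6432Node on 64-bit Windows.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    foreach ($key in $uninstallKeys) {
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object {
                $name = $_.DisplayName
                # Keep entries whose name matches at least one pattern.
                $name -and ($NamePattern | Where-Object { $name -like $_ })
            } |
            ForEach-Object {
                [pscustomobject]@{
                    ComputerName    = $env:COMPUTERNAME
                    DisplayName     = $_.DisplayName
                    DisplayVersion  = $_.DisplayVersion
                    Publisher       = $_.Publisher
                    UninstallString = $_.UninstallString
                    RegistryKey     = $_.PSPath -replace '^.*?::', ''
                }
            }
    }
}

$found = @(Get-AppleLegacySoftware)
if ($found.Count -eq 0) {
    Write-Output 'No QuickTime or Apple Software Update entry found.'
} else {
    $found | Format-List
}
```

Re-running the check after removal confirms the entry is gone. An Apple Software Update entry is reported as well because, as a comment below notes, that updater may offer QuickTime again.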
Messaging on this has been horrible, but that's to be expected if the provider refuses to take ownership. Here's another reference

135 Posts
Oh, it gets better: Apple Software Update is still suggesting installing QuickTime for Windows, at least as of this afternoon. It's not automatically selected or installed, but users that have any other Apple product (such as iTunes or iCloud for Windows) are periodically told "new software is available from Apple," including the vulnerable QuickTime 7.7.9. Here's a screen cap:
David Longenecker

5 Posts
Removed QuickTime from 3 systems to be prepared, clicked Apple Update and was told I need to download Apple's QuickTime 7 Abandonware. Somebody can't find the seat of their pants with both hands and a flashlight.
David Longenecker
57 Posts
