recent Quicktime vulnerability recommendations

tedjamestedjames Scruffy-looking nerfherdrMember Posts: 1,179 ■■■■■■■■□□
US-Cert recommends uninstalling Quicktime because Apple is ending support:
https://www.us-cert.gov/ncas/alerts/TA16-105A
Zero Day Initiative
Zero Day Initiative

However, one of our web developers claims he needs to at least have Quicktime Criticical Components installed in order to use specific software, such as Premier, AE, Vegas, Juicer, etc. He claims that Quicktime Criticical Components is not subject to this vulnerability. I've been researching this and have not found any official word to that effect (only statements made by random people in the comments sections of articles). Do you know anything about this?

Comments

  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Someone please correct me if I'm wrong (cause I'm curious) but for this to affect you need to have Quicktime installed and then have a specific malware on your computer or visit a page that contains this malware, then a person can take control of computer?

    I haven't seen any specific details how this happens or what exact malware though.
  • TomkoTechTomkoTech Member Posts: 438
    The concern is that Apple has completely dropped support and will not be patching it. And that now that the vulnerability is widely known, there will be malware written to specifically exploit it. Thus the mass "Get it off your pc now"
  • markulousmarkulous Member Posts: 2,394 ■■■■■■■■□□
    Agreed with the above.

    From what I'm understanding is that the support is only being dropped on Windows. So if he needs to use quicktime, he should get a mac (or virtualize it on his PC).
  • tedjamestedjames Scruffy-looking nerfherdr Member Posts: 1,179 ■■■■■■■■□□
    We've been having a similar discussion here in the office. There's also talk of setting up a machine for him that's isolated from the network.
Sign In or Register to comment.