recent Quicktime vulnerability recommendations

tedjames

US-Cert recommends uninstalling Quicktime because Apple is ending support:
https://www.us-cert.gov/ncas/alerts/TA16-105A
Zero Day Initiative
Zero Day Initiative

However, one of our web developers claims he needs to at least have Quicktime Criticical Components installed in order to use specific software, such as Premier, AE, Vegas, Juicer, etc. He claims that Quicktime Criticical Components is not subject to this vulnerability. I've been researching this and have not found any official word to that effect (only statements made by random people in the comments sections of articles). Do you know anything about this?

NetworkNewb

Someone please correct me if I'm wrong (cause I'm curious) but for this to affect you need to have Quicktime installed and then have a specific malware on your computer or visit a page that contains this malware, then a person can take control of computer?

I haven't seen any specific details how this happens or what exact malware though.

TomkoTech

The concern is that Apple has completely dropped support and will not be patching it. And that now that the vulnerability is widely known, there will be malware written to specifically exploit it. Thus the mass "Get it off your pc now"

markulous

Agreed with the above.

From what I'm understanding is that the support is only being dropped on Windows. So if he needs to use quicktime, he should get a mac (or virtualize it on his PC).

tedjames

We've been having a similar discussion here in the office. There's also talk of setting up a machine for him that's isolated from the network.