During its heyday, Apple’s QuickTime software was arguably hailed as the king of digital video. Though there were many competitors (remember Real video?), Apple’s codec reigned supreme in both editing and playback for many years, making Apple’s Mac computers the de facto standard in high-end digital video editing. Not unwisely, Apple realized the untapped market potential on the Windows side of the fence, and released a version of QuickTime for Windows 3.1 in 1996, and has steadily iterated on the platform through last year, though its use has declined steadily since the rise of streaming web video. Apparently usage has fallen off so dramatically that Apple recently announced it was no longer supporting the Windows version of QuickTime, hot on the heels of the announcement by US-CERT that the latest version of QuickTime for Windows had two significant zero-day vulnerabilities.
What this means for you:
Because I know you, I won’t bore you with how the zero-days work, just know they are serious enough for the Department of Homeland Security to issue an alert. It’s not likely you will have Apple’s QuickTime software installed on your late-model business computer, but if you own an older computer at home (5-6 years old), and you’ve installed iTunes on that computer, you probably have QuickTime installed, as it was bundled into iTunes as recently as 2011. If you happen to be in the relatively narrow demographic of digital video editor using Windows and Adobe’s Creative Cloud suite, you might also have QuickTime installed, as it’s a requirement for certain video editing formats.
Either way, if you have it installed, remove QuickTime immediately. Apple has no plans to patch the vulnerabilities, and even though there are no known exploits in the wild as I write this, you can bet the high profile exposure has already triggered a wave of malicious programming. The easiest way to determine if QuickTime is installed is to go to Control Panel -> Programs & Features -> Uninstall Programs and scan through the list for “QuickTime” (not Apple QuickTime, like you might think). On older OSes you might have to look in Control Panel -> Add/Remove Programs. While you are there, you can look for other old programs you don’t use anymore and remove them in the spirit of spring cleaning.
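If you need to check more than one machine, the same look-up can be scripted. The PowerShell below is an added example, not part of the original article: it reads the standard uninstall registry keys that back the Programs & Features list, and the function name `Find-InstalledProgram` is hypothetical.

```powershell
# Added example: look for QuickTime in the installed-programs inventory.
# Assumption: the entry's display name contains "QuickTime", as the
# article describes for the Programs & Features list.

function Find-InstalledProgram {
    param([Parameter(Mandatory)][string]$NamePattern)

    # Registry locations that populate Programs & Features.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        # 32-bit programs on 64-bit Windows register under WOW6432Node.
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        # Per-user installs for the account running the script.
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    foreach ($key in $uninstallKeys) {
        # A missing key (for example WOW6432Node on 32-bit Windows) is skipped.
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like $NamePattern } |
            Select-Object DisplayName, DisplayVersion, Publisher, UninstallString,
                @{ Name = 'RegistryKey'; Expression = { $_.PSPath -replace '^.*::', '' } }
    }
}

$hits = @(Find-InstalledProgram -NamePattern '*QuickTime*')

if ($hits.Count -eq 0) {
    Write-Output 'No QuickTime entry found in the installed-programs list.'
} else {
    # Show each match with its version and the key it was found under.
    $hits | Format-List
    Write-Output "QuickTime entries found: $($hits.Count). Remove them via Programs & Features."
}
```

The script only reports what it finds; removal is still done through the Control Panel steps above.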
Kaspersky Labs just released their quarterly threat report for Q3 2012, and it’s dry reading for most folks not fascinated by IT security as I am. There are some notable trends that their research has surfaced, and I thought you might find some of these data points interesting:
- You are least likely to be infected by a fellow countryman in the nation of Denmark. (The US is in the lower first quartile, in case you were wondering.)
- Russia has overtaken the US as having the most websites hosting malware.
- The most commonly found smartphone virus is designed to steal money from you by texting premium-rate numbers without you noticing.
- The most common way to get a virus infection is via drive-by infections, i.e., visiting a dodgy website and getting infected when your browser loads pages that have embedded viruses.
- Of the top 10 most commonly found software vulnerabilities, 2 are found in Oracle software (Java), 5 from Adobe (Flash, Shockwave & Acrobat), 2 from Apple (QuickTime and iTunes), and 1 from Winamp.
- Over half of the detected malware infections came from Java vulnerabilities.
- For the first time in many years, Microsoft did not make the Top 10 list of vulnerabilities!
What this means for you:
Keep your software up to date. The Java vulnerabilities have been patched, but many people ignore (or aren’t even aware) that Java needs to be kept up to date just like any other software installed on their machine. Keep your browser up to date, and if you have the choice, use the latest version of IE, or even better, Google’s Chrome browser. However, nothing will keep you safe if you don’t have proper malware protection installed, updated and ACTIVE. If you use an Android phone, see my previous article on the dangers of side-loading questionable apps. As of the moment, buying smartphone anti-virus software isn’t at the same state of “must-have” as computers, but we may be fast approaching that point. If you are careful about the apps you install on your phone, you don’t need it…yet.