If you have Apple QuickTime installed on your Windows PC, now is the time to remove it. There are known vulnerabilities that can be exploited relatively easily, and the software is no longer being supported by Apple.
A public statement has recently been issued by US-CERT, part of the Department of Homeland Security, urging anyone using QuickTime for Windows to remove the product immediately. This is due to the fact that Apple have ceased development and are therefore no longer deploying security updates for the software. This statement was triggered after Trend Micro’s Zero Day Initiative recently revealed two critical vulnerabilities in QuickTime for Windows: ZDI-16-241 and ZDI-16-242.
“These two vulnerabilities are considered ‘remote code execution’ vulnerabilities, which means a miscreant could get the victim to click on a link or visit a website, and remotely hack into the computer without ever physically being in front of the computer,” warns Dodi Glenn, VP of cyber security at PC Pitstop. “While we have yet to see these vulnerabilities being used in the ‘wild’, our experience tells us that it won’t be long before they are bundled in the majority of exploit kits being sold on the underground marketplace.”
The US-CERT advisory states, “Computers running QuickTime for Windows will continue to work after support ends. However, using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows.”
Sanjay Ramnath, Senior Director of Security Product Management for Barracuda, explains, “While Apple has every right to discontinue any of its products, it should be done so in a way to limit risk to its users. Unfortunately, given how widespread the use is, pulling the plug without pre-announcement and without fixing known problems causes significant risk.”
“Unfortunately, companies discontinue products all the time. QuickTime for Windows has been around since the early 90s and I think was the first piece of Windows software released by Apple. However, since its feature set has been eclipsed by other programs over the years it sort of makes sense to discontinue it,” states Cris Thomas, Strategist for Tenable Network Security. “In fact, for most users there is no need for QuickTime at all. It is no longer required by iTunes and web video is usually served by HTML 5 these days.”
The sudden expiration of support for QuickTime means that patches or security updates for known or reported vulnerabilities will no longer be issued by Apple. This includes the two vulnerabilities described in the Trend Micro Zero Day Initiative. This announcement suggests that Windows machines using QuickTime may be increasingly vulnerable to zero-day attacks.
To further complicate matters, any application that relies on QuickTime will need to change. For the majority of organisations, this change will take time, which will impact productivity and therefore put them at even greater risk. Adobe has already issued guidance stating that their Adobe Creative Cloud customers may run into issues when uninstalling QuickTime.
There is some good news according to Tenable’s Thomas. “Since the current version of QuickTime for Windows 7.7.9 removed the browser plugin anyway there is no way for an attack to automatically compromise a system with a simple drive-by exploit. The attacker would have to convince a victim to download a specially crafted file and then get them to open it in QuickTime.”
Ramnath stresses, “The best defence is often a great offense. Customers should ensure they have layered security to protect against these types of attacks—security solutions that block malicious attachments and links or use other advanced threat detection techniques.”
Discontinuing support for a software product is one thing, but suddenly removing support a program widely used by PC users without even addressing known security vulnerabilities is another matter entirely. Despite Apple no longer supporting QuickTime, they still offer the software for download on their website.
“Since Apple knows these products have critical vulnerabilities they should be made unavailable for download. Leaving them in place is simply gross negligence,” states Thomas.
If you have Apple’s QuickTime installed on your PC, and you have no applications such as Creative Cloud which currently rely on the software, you should remove it from your Windows PC immediately.
iData is a rapidly growing business in the IT and Telecommunications sector, set in a fantastic location in Mold, Flintshire with a very modern office. Our working environment is vibrant, fun, fast paced and dynamic.
iData currently have vacancies for the following positions:
- Telesales Team Leader
- New Business Field Sales Consultant
For further information regarding the roles and how to apply, please visit our Careers page.
We are pleased to announce that iData have been named as a finalist in the 2015 Comms National Awards.
We would like to take this opportunity to thank all our customers for their continued support and wish us luck for the 22nd October at the awards ceremony.
iData are delighted to announce that for the 2015/2016 season we will be the first team main kit sponsors for Holywell Town FC.
Sean Elliott, Chairman of Holywell Town FC stated, “We really appreciate any sponsorship and it’s great to have well run, successful, local businesses supporting us.”.
iData wish the Wellmen all the best for the forthcoming season, and look forward to attending a game soon!
A warning has been issued to holidaymakers that using the Internet on their mobile phones abroad could cost more than the holiday itself.
The Government and providers are being urged by the Citizens Advice to work on a voluntary agreement to prevent large bills, which would also include further warnings for customers and a voluntary price cap.
Due to holidaymakers not realising how quickly the costs can rise when travelling outside of the European Union, especially when they are unaware their mobile device is using roaming data, the customers face bills of thousands of pounds through high charges.
Citizens Advice Chief Executive Gillian Guy said: “The market shouldn’t be a lottery where some customers can be unwittingly plunged into life-changing amounts of debt just because they used their phone.”
“A voluntary price cap would help better protect customers and companies could do more by giving more warnings to customers if their bills start to rise.”
Following changes brought in by the European Commission last year, the highest per megabyte roaming rate within the EU is capped at 17p.
Outside the EU, no such limit is in place, with researchers finding the rate can reach £12.50 per megabyte.
Watching a 30 minute TV episode in Turkey could cost up to £1,360, compared to £32 within the EU, Citizens Advice discovered.
The charity has assisted a holidaymaker who was stung with a bill of £1,500 after enabling data roaming to download a music album whilst in Egypt, along with military personnel who were billed for thousands of pounds after leaving data roaming enabled whilst on deployment.
The rate which consumers pay differs based on which network provider they are with, whether they have purchased any “bolt-ons” which allows them a set amount of data for a fixed price, and where they are travelling to.
Currently, network providers are required to send a warning notification to customers who are outside of the EU when their bill reaches €50 (approx. £35), asking if they would like to continue using data.
Citizens Advice argue that because there is no requirement to contact the customer again, they can unwittingly rack up much larger bills.
Consumers are able to contact their provider to check which tariff they are on and whether data roaming is enabled, but the charity wants the companies to assist more.
Citizens Advice wants a voluntary agreement which would include a maximum per megabyte cost and standard warnings for customers about what they are spending on data at regular intervals above the €50 level.
The charity also wants measures implemented to ensure customers who are given unexpectedly large bills to be treated fairly, that money is not recouped immediately and customers are not pushed towards debt.
An emergency patch has been released by Microsoft, to patch a “critical” bug present across almost all versions of Windows.
Google security researchers were among a team of experts who helped locate the vulnerability, and the loophole was so severe that Microsoft needed to release the patch outside of its normal monthly update.
The loophole gave would-be attackers the opportunity to take over the target computer and execute their own code on the system.
Microsoft has stated in an advisory note that the bug was being discussed online, however it had no information “to indicate this vulnerability had been used to attack customers”. Microsoft went on to suggest that attackers exploiting this loophole could take “complete control” of an affected system. Booby trapped websites or malicious email attachments are examples of how the attackers could trick Windows users into unwittingly opening the loophole.
Windows 7, 8 and RT as well as older versions (such as Vista, Server 2008/2012) have been found to contain the vulnerability.
This patch arrives less than a week after another loophole was closed by Microsoft in the same font-handling system. That particular loophole was uncovered following an attack on the Hacking Team, a security company based in Milan. Hundreds of megabytes of documents were stolen in the attack, which leaked information about software bugs that they had been planning to exploit for it own benefit.
A MERGER signals major expansion for iData, a North Wales IT Communications firm.
iData, one of the UK’s leading IT communications companies, has recently undergone major expansion at its headquarters on Deeside.
In a little over nine months since its relocation to a purpose-built, 3,000 square foot office, the organisation has continued to invest in its rapid growth programme by acquiring specialist IT company, Smart IT Limited.
This move strengthens iData’s strategy to provide The Complete Solution for its growing customer base and partner network.
Following this acquisition, iData will serve in excess of 1,000 business customers.
It was fundamental to both parties that jobs would remain secure, with roles integrating smoothly into the new working environment.
Director of Smart IT, Barry Weaver, and his team have moved into iData’s head office in Mold. He, together with iData’s managing director, James Wilson, and directors Chris Quayle and Nick Cheetham, will drive the ongoing strategy and growth initiative of this large organisation.
James Wilson said: “Barry has built a strong and dynamic business at Smart IT. We have admired him as a competitor for some time. This merger will strengthen our commercial status, capabilities and market share. Integrating Smart IT into iData will most definitely launch a major force in the UK.”
Customers will benefit greatly from this new investment, as they can enjoy increased expertise and specialist support from a single source.
Barry Weaver said: “This new relationship provides a fantastic opportunity for our customers to benefit from our additional expertise.
“We are proud to be part of an organisation that is as committed to growth as providing superb customer excellence. Our services and business ethic go hand in hand, which is why we are all excited about the future success of our organisation.”
Please click here idata Mobile Spring Brochure to download iData’s Spring 2013 mobile brochure where you can find our range of latest mobile phones including BlackBerry, HTC, LG Nokia and Samsung, plus a variety of stylish accessories including speakers, phone cases and headphones. Over recent years the plethora of operating systems (OSs) available in the mobile market has reduced in number while strengthened in power and market share. Take a look at iData’s pick of the best operating systems on the market today.
iData, one of the UK’s leading business telecoms company, has relocated to larger premises in Mold, Flintshire. The decision to move was based on rapidly increasing consumer demand and to further enhance the suite of services and support offered by this dynamic and innovative organisation.
The new location will help iData to better serve its customers, ensuring costs remain competitive without compromising on quality. Internally, employees will operate in an environment that encourages professionalism, innovation and achievement.
Managing Director, James Wilson, is immensely proud of the organisation’s success, which has enabled this move. He explained, “iData is expanding at such a rapid rate. We began by serving clients based in the Northwest and North Wales but this quickly changed and we now provide a range of services to organisations throughout the UK. We now have the infrastructure to accommodate this growth and future expansion.”
As an established telecoms company, iData is committed to providing excellent customer service. The company’s main objectives are to save customers money, continue to build long-term mutually beneficial customer relationships and to identify ways in which emerging technology can benefit customers now and in the future
We’ve just been interviewed by Comms Business for a profile in an upcoming edition and editor Ian Hunter has just put the following out in his newsletter:
I don’t get to speak to enough resellers so when I get an opportunity I generally grab it. Last week I had a long chat to one of the founders of iData a North Wales based reseller that has only been established since February 2008. You’ll read the full interview in the July issue. Read more