Don’t be too quick to uninstall QuickTime for Windows, warns Adobe

Graham Cluley

Creative cloud thumb

Don't be too quick to uninstall QuickTime for Windows, says Adobe

As we reported over the weekend, PC users really probably should uninstall QuickTime for Windows.

The Windows version of the QuickTime software contains critical vulnerabilities, and Apple appears to have no plans to fix them. The risk that malicious hackers might take advantage of the flaws is significant, and even the US Department of Homeland Security is urging users to uninstall the software:

“Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows.”

So, it’s simple right? You should just uninstall QuickTime for Windows.

Hmm. If only.

Because some software remains reliant on QuickTime for Windows.

For instance, Adobe (no stranger to security vulnerabilities itself) has issued an advisory explaining that uninstalling QuickTime for Windows may have negative consequences for some of its Creative Cloud users:

“Unfortunately, there are some codecs which remain dependent on QuickTime being installed on Windows, most notably Apple ProRes. We know how common this format is in many workflows, and we continue to work hard to improve this situation, but have no estimated timeframe for native decode currently.”

Adobe advisory

In other words: Keep QuickTime for Windows installed and you’re at risk from hacking attacks. Don’t keep QuickTime for Windows installed and you may not be able to edit your videos any more.

What a mess.

If your workflow depends on making videos with Creative Cloud, perhaps you would be better off using a Mac until this is sorted out.

Of course, there are probably other Windows programs out there which rely on QuickTime which might be in the same boat… If you know of any, why not leave a comment below?

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

32 Replies to “Don’t be too quick to uninstall QuickTime for Windows, warns Adobe”

  1. I've found two programs / instances in the last 24 hours requiring Quicktime to work in some instances:
    – Lightroom (e.g. when exporting videos to Facebook),
    – Sound Forge Audio Studio 10 (to read m4a files).

  2. Having Quicktime installed on your PC is not the problem. The only problem is running Quicktime in the future, so leaving it installed, but not using it, should present no problem.

    1. Michael, do you know for certain that this is correct? I've wondered, but haven't been able to find any info on it.

  3. if steve were alive, he'd just close apple and start another company. that's just the kind of person he was. simple problems have simple solutions.

    https://www.google.com/search?q=Software+Windows+%22system+requirements%22+QuickTime+-Mac

    this is all because apple didn't do as they were commanded to.

    unlock the iPhone 5c, or else!

    now we see the or else. now everybody pays.

  4. Sure seems like uninstalling quicktime is a hysterical response to me. After all these years, people are running around looking like chicken little.

    1. Maybe people are running around like headless chickens but the fact is that yes people have been using the current version of quick time for windows for a while and maybe they haven't been attacked as no one was aware of the vulnerabilities until now. Now they are out there the bad guys will specifically exploit those vulnerabilities previously unknown. With no patches from Apple to remove those vulnerabilities then the risk of an attack rises.

      If you use a multi layered security approach to your computer systems and maybe sandbox your systems or applications that require quick time for windows then this can be a temporary compensating control until the software you use moves away from using the specific codecs made available by quick time – no drama just good common sense should do the trick.

  5. Sony Vegas Movie Studio (a consumer product) and Sony Vegas Pro (a commercial tool) seem to require QuickTime.

    Since the QT vulnerability could exploited by a malicious website that runs QT in the browser, it has been suggested that you rename player.exe. This should leave the codecs but prevent video/audio from playing without user interaction. I suppose you could also unregister all types of content/extensions from using QT by default. I have not tried these yet, so I can't say if it allows the Sony software to work (or Adobe), and I sure can't say whether this protects you from the vulnerability.

  6. If uninstalling QT really breaks iTunes for Windoze then I expect Apple will patch QT. They may be bitter rivals but would Apple cut off their own nose to spite their face? Surely Windows iTunes users are a significant revenue stream for Apple?

    I think all these big companies would rather fight each other than fight cyber crime. Especially Adobe, who require Java to be installed in order to run CS6 on modern OS X Installations. I'm tempted to go back to Rotring pens, CX22, and Letraset.

  7. ProPresenter 4 and 5 for MS Windows uses the Quick time engine. PP6 has it's own engine but requires newer Hardware to run.

  8. Techsmith's Relay requires QT for encoding. The suggestion to switch to Mac because of silly corporate games like this is flat out stupid, and sort of embarrassing for the Mac crowd. Patch your crap, Apple. Whine about Microsoft if you want, but patch it. If Apple maintenance programmers aren't good enough, or conscientious/responsible enough, to patch their software on Windows, what should make a potential customer confident that Apple can maintain the integrity and security of their own native apps? This type of crap is exactly why other fields object strongly to the use of the term software "engineer." Engineers don't say "well, it sucks that we didn't design and build that correctly, I guess you'll just have to not use that elevator from now on," or "just take another highway or bridge for a few years."

  9. Two programs I use in Windows that need QT.
    Traktor DJ by Native Instuments.
    Rekordbox DJ by Pioneer.

    1. Are you sure rekordbox dj does't work for you? It plays ALAC files just fine for me in Windows 10.

  10. There is a simple fix for this. The vulnerability only affects QT player. If you uninstall Windows, then run the QT installer again and reinstall only the Quicktime components (the codecs), you can continue to use the Adobe apps safely.

  11. LOTS of educational software made for Windows XP and W7 still use Quicktime, and they have no replacements. The techno-sphere is missing a huge point: as long as the QT browser plug-in isn't active, you can't play an infected file. Chrome has disabled the QT plug-in. Expect others to follow suit. The only vulnerability after that is if someone downloads an infected QT file, and opens it with their installed QT player. But as others are noting: your security software should scan the downloads for infection.

  12. FWIW, the MajorGeeks freeware site is carrying an offer for the latest update of a lower tier browser called Otter that was initially released in 2011. Says it's based on Opera 12.x and "uses" QT5, whereas with Opera, QT is a plug-in.

  13. I use Adobe Photoshop CS3. I know it's old, but it does what I need it to do, or at least it did until I uninstalled Quicktime. I tried opening a gif file the other day in order to resize it, and got the message that I need Quicktime in order to do that. Apparently more recent versions of Photoshop (after CS5, I think) aren't reliant on Quicktime to edit gifs. So I need to either reinstall Quicktime, or get a newer version of Photoshop. Very annoying.

  14. "If your workflow depends on making videos with Creative Cloud, perhaps you would be better off using a Mac until this is sorted out."

    No.

    I was an exclusive Mac user for decades and several years back when I saw Apple going from "design industry leader" to "hey, we make the iPhone!", I bailed… the majority of my close designer friends have since done the same… "Use a Mac until Adobe gets this sorted" may work for lightweight users, but pro users with ridiculous rig requirements (I'm a motion graphics designer and have 4 NVIDIA GPUs on my mobo with PCI-E 3.0 x 16 on all 4 lanes for the Octane CUDA renderer as well as dual CPUs for 48 threads for everything else) that simply won't cut it. Even the Mac Pro is weak recommendation with it only having an AMD option which not even Adobe has their stuff optimized for (they use CUDA for Premiere, etc).

    I've been saying this for years, but I wish Adobe would just create their own codec similar to ProRes that works inside an AVI container (for Windows users) and a QT container (for Mac users). Something that supports 4:4:4:4 with embedded alpha channels, etc. Something that the industry could adopt as an heir to ProRes. It's obvious Apple has little interest in that market anymore, so ProRes needs to stop being the de-facto standard when it's only now available on one platform. That or… Apple makes ProRes open source and walks away from it.

  15. Powerpoint also requires QT to show video clips in a Powerpoint presentation. It is very complicated to setup Powerpoint to use another media player.

  16. The Max 4 Live app RokVid (live videos influenced by your music tracks) for Ableton Live 10 needs quicktime on Live 10 to work.

    Perplexed now……. No other options seem to work…..

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.