Don't be too quick to uninstall QuickTime for Windows, warns Adobe

Uninstalling vulnerable QuickTime may cause problems for Creative Cloud subscribers.

Don't be too quick to uninstall QuickTime for Windows, says Adobe

As we reported over the weekend, PC users really probably should uninstall QuickTime for Windows.

The Windows version of the QuickTime software contains critical vulnerabilities, and Apple appears to have no plans to fix them. The risk that malicious hackers might take advantage of the flaws is significant, and even the US Department of Homeland Security is urging users to uninstall the software:

"Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows."

So, it's simple right? You should just uninstall QuickTime for Windows.

Hmm. If only.

Because some software remains reliant on QuickTime for Windows.

For instance, Adobe (no stranger to security vulnerabilities itself) has issued an advisory explaining that uninstalling QuickTime for Windows may have negative consequences for some of its Creative Cloud users:

"Unfortunately, there are some codecs which remain dependent on QuickTime being installed on Windows, most notably Apple ProRes. We know how common this format is in many workflows, and we continue to work hard to improve this situation, but have no estimated timeframe for native decode currently."

Adobe advisory

In other words: Keep QuickTime for Windows installed and you're at risk from hacking attacks. Don't keep QuickTime for Windows installed and you may not be able to edit your videos any more.

What a mess.

If your workflow depends on making videos with Creative Cloud, perhaps you would be better off using a Mac until this is sorted out.

Of course, there are probably other Windows programs out there which rely on QuickTime which might be in the same boat... If you know of any, why not leave a comment below?

Tags: , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

Subscribe to the free GCHQ newsletter

, , , ,

31 Responses

  1. Joseph

    April 19, 2016 at 2:54 pm #

    Corel's VideoStudio uses QT. I am sure there are other too.

  2. Mark Hewitt

    April 19, 2016 at 3:06 pm #

    I've found two programs / instances in the last 24 hours requiring Quicktime to work in some instances:
    – Lightroom (e.g. when exporting videos to Facebook),
    – Sound Forge Audio Studio 10 (to read m4a files).

  3. Jeffrey

    April 19, 2016 at 3:30 pm #

    GoPro Studio also uses QuickTime

  4. Michael

    April 19, 2016 at 6:07 pm #

    Having Quicktime installed on your PC is not the problem. The only problem is running Quicktime in the future, so leaving it installed, but not using it, should present no problem.

    • Sam in reply to Michael.

      April 26, 2016 at 4:18 pm #

      Michael, do you know for certain that this is correct? I've wondered, but haven't been able to find any info on it.

  5. Zoey Barkow

    April 19, 2016 at 6:29 pm #

    if steve were alive, he'd just close apple and start another company. that's just the kind of person he was. simple problems have simple solutions.

    https://www.google.com/search?q=Software+Windows+%22system+requirements%22+QuickTime+-Mac

    this is all because apple didn't do as they were commanded to.

    unlock the iPhone 5c, or else!

    now we see the or else. now everybody pays.

    • Guy in reply to Zoey Barkow.

      April 19, 2016 at 6:55 pm #

      I suggest Ex-Lax for your not insignificant problem.

  6. Oscar

    April 19, 2016 at 6:36 pm #

    Sure seems like uninstalling quicktime is a hysterical response to me. After all these years, people are running around looking like chicken little.

    • M Parkes in reply to Oscar.

      April 20, 2016 at 10:20 am #

      Maybe people are running around like headless chickens but the fact is that yes people have been using the current version of quick time for windows for a while and maybe they haven't been attacked as no one was aware of the vulnerabilities until now. Now they are out there the bad guys will specifically exploit those vulnerabilities previously unknown. With no patches from Apple to remove those vulnerabilities then the risk of an attack rises.

      If you use a multi layered security approach to your computer systems and maybe sandbox your systems or applications that require quick time for windows then this can be a temporary compensating control until the software you use moves away from using the specific codecs made available by quick time – no drama just good common sense should do the trick.

  7. Robert

    April 19, 2016 at 7:37 pm #

    To open videos in Cubase so you can edit the audio Quicktime is needed.

  8. Ed

    April 19, 2016 at 7:57 pm #

    MediaShout uses QuickTime for .MOV files, so just convert them to another type.

  9. Mark Jacobs

    April 20, 2016 at 10:42 am #

    iTunes for Windows needs Quicktime to preview movie material in your Apple library.

  10. Keyser

    April 20, 2016 at 12:16 pm #

    Sony Vegas Movie Studio (a consumer product) and Sony Vegas Pro (a commercial tool) seem to require QuickTime.

    Since the QT vulnerability could exploited by a malicious website that runs QT in the browser, it has been suggested that you rename player.exe. This should leave the codecs but prevent video/audio from playing without user interaction. I suppose you could also unregister all types of content/extensions from using QT by default. I have not tried these yet, so I can't say if it allows the Sony software to work (or Adobe), and I sure can't say whether this protects you from the vulnerability.

  11. Michael Ratcliffe

    April 20, 2016 at 1:00 pm #

    You can't run itunes without it…as i found after I removed it

    • Steven Latus in reply to Michael Ratcliffe.

      April 24, 2016 at 11:34 pm #

      iTunes works fine for me after uninstalling QT. Running 64-bit Windows 7 Home Premium.

  12. Paul

    April 20, 2016 at 10:09 pm #

    If uninstalling QT really breaks iTunes for Windoze then I expect Apple will patch QT. They may be bitter rivals but would Apple cut off their own nose to spite their face? Surely Windows iTunes users are a significant revenue stream for Apple?

    I think all these big companies would rather fight each other than fight cyber crime. Especially Adobe, who require Java to be installed in order to run CS6 on modern OS X Installations. I'm tempted to go back to Rotring pens, CX22, and Letraset.

  13. 3xlion

    April 21, 2016 at 5:58 am #

    ProPresenter 4 and 5 for MS Windows uses the Quick time engine. PP6 has it's own engine but requires newer Hardware to run.

  14. Duane

    April 21, 2016 at 3:14 pm #

    Techsmith's Relay requires QT for encoding. The suggestion to switch to Mac because of silly corporate games like this is flat out stupid, and sort of embarrassing for the Mac crowd. Patch your crap, Apple. Whine about Microsoft if you want, but patch it. If Apple maintenance programmers aren't good enough, or conscientious/responsible enough, to patch their software on Windows, what should make a potential customer confident that Apple can maintain the integrity and security of their own native apps? This type of crap is exactly why other fields object strongly to the use of the term software "engineer." Engineers don't say "well, it sucks that we didn't design and build that correctly, I guess you'll just have to not use that elevator from now on," or "just take another highway or bridge for a few years."

  15. Matthew Eric Hackett

    April 21, 2016 at 3:49 pm #

    Two programs I use in Windows that need QT.
    Traktor DJ by Native Instuments.
    Rekordbox DJ by Pioneer.

    • AstrosFan in reply to Matthew Eric Hackett.

      April 22, 2016 at 12:03 am #

      Are you sure rekordbox dj does't work for you? It plays ALAC files just fine for me in Windows 10.

  16. Brian Maffitt

    April 22, 2016 at 5:23 pm #

    There is a simple fix for this. The vulnerability only affects QT player. If you uninstall Windows, then run the QT installer again and reinstall only the Quicktime components (the codecs), you can continue to use the Adobe apps safely.

    • Pamela J Chambers in reply to Brian Maffitt.

      June 27, 2016 at 5:51 pm #

      LOL – yes, uninstalling Windows would fix this problem.

  17. Neil MacQueen

    April 23, 2016 at 4:18 am #

    LOTS of educational software made for Windows XP and W7 still use Quicktime, and they have no replacements. The techno-sphere is missing a huge point: as long as the QT browser plug-in isn't active, you can't play an infected file. Chrome has disabled the QT plug-in. Expect others to follow suit. The only vulnerability after that is if someone downloads an infected QT file, and opens it with their installed QT player. But as others are noting: your security software should scan the downloads for infection.

  18. Stephen

    April 30, 2016 at 11:32 pm #

    Chapter and Verse doesn't work without quicktime

  19. Sheldon Beauregard

    May 2, 2016 at 4:07 am #

    FWIW, the MajorGeeks freeware site is carrying an offer for the latest update of a lower tier browser called Otter that was initially released in 2011. Says it's based on Opera 12.x and "uses" QT5, whereas with Opera, QT is a plug-in.

  20. Chris Richards

    May 2, 2016 at 9:52 pm #

    I use Adobe Photoshop CS3. I know it's old, but it does what I need it to do, or at least it did until I uninstalled Quicktime. I tried opening a gif file the other day in order to resize it, and got the message that I need Quicktime in order to do that. Apparently more recent versions of Photoshop (after CS5, I think) aren't reliant on Quicktime to edit gifs. So I need to either reinstall Quicktime, or get a newer version of Photoshop. Very annoying.

  21. Colin Pike

    May 9, 2016 at 11:46 am #

    Is it only the player affected or also the codec?

  22. Theo

    May 11, 2016 at 5:23 am #

    Here's another one: Black Magic's Free Davinci Resolve for Windows.

    What a pain…

  23. Yomo

    May 11, 2016 at 7:52 pm #

    "If your workflow depends on making videos with Creative Cloud, perhaps you would be better off using a Mac until this is sorted out."

    No.

    I was an exclusive Mac user for decades and several years back when I saw Apple going from "design industry leader" to "hey, we make the iPhone!", I bailed… the majority of my close designer friends have since done the same… "Use a Mac until Adobe gets this sorted" may work for lightweight users, but pro users with ridiculous rig requirements (I'm a motion graphics designer and have 4 NVIDIA GPUs on my mobo with PCI-E 3.0 x 16 on all 4 lanes for the Octane CUDA renderer as well as dual CPUs for 48 threads for everything else) that simply won't cut it. Even the Mac Pro is weak recommendation with it only having an AMD option which not even Adobe has their stuff optimized for (they use CUDA for Premiere, etc).

    I've been saying this for years, but I wish Adobe would just create their own codec similar to ProRes that works inside an AVI container (for Windows users) and a QT container (for Mac users). Something that supports 4:4:4:4 with embedded alpha channels, etc. Something that the industry could adopt as an heir to ProRes. It's obvious Apple has little interest in that market anymore, so ProRes needs to stop being the de-facto standard when it's only now available on one platform. That or… Apple makes ProRes open source and walks away from it.

  24. Ken Sanford

    November 7, 2016 at 10:25 pm #

    Powerpoint also requires QT to show video clips in a Powerpoint presentation. It is very complicated to setup Powerpoint to use another media player.

  25. Oliver H. S.

    June 15, 2017 at 5:10 pm #

    Contour Storyteller software for Contour camera users needs QuickTime installed.

Leave a Reply