Adobe Customers May Have to Stick with Buggy QuickTime

Adobe Customers May Have to Stick with Buggy QuickTime

Apple this week finally admitted it has ceased supporting QuickTime for Windows, but some Adobe customers will have to stick with the flawed software or risk not being able to use their Adobe products.

News of Apple’s decision came first not from the firm itself but Trend Micro almost a week ago. The security vendor was told, having disclosed two new vulnerabilities in the multimedia software, that they would not be fixed.

Apple has rectified that now with a statement on its website detailing how to uninstall the product.

However, Adobe has now thrown something of a spanner in the works, despite claiming to have “worked extensively on removing dependencies on QuickTime in its professional video, audio and digital imaging applications.”

“Unfortunately, there are some codecs which remain dependent on QuickTime being installed on Windows, most notably Apple ProRes. We know how common this format is in many worfklows, and we continue to work hard to improve this situation, but have no estimated timeframe for native decode currently,” it said in a statement.

“Other commonly used QuickTime formats which would be affected by the uninstallation of QuickTime include Animation (import and export), DNxHD/HR (export) as would workflows where growing QuickTime files are being used (although we strongly advise using MXF for this wherever possible).”

The firm claimed its endgoal is to support everything natively without the need for QuickTime, but in the meantime, customers will have no choice but to run the buggy software, which black hats are likely to be researching exploits for as we speak.

In related security news, Adobe yesterday released an update for its Adobe Analytics AppMeasurement for Flash library, designed to fix a vulnerability rated “important” – that is “Priority 2.”

The flaw “could be abused to conduct DOM-based cross-site scripting attacks when debugTracking is enabled,” according to Adobe.

Source: Information Security Magazine