Security Notes

IMPORTANT: QuickTime security issue for EdGCM users on Windows machines. (Mac users are not affected.)

PROBLEM: Recently, the information security project Zero Day Initiative (ZDI) announced that vulnerabilities had been discovered in Apple’s QuickTime for Windows software. Since Apple will no longer be providing updates for QuickTime for Windows, it is recommended that Windows users uninstall the software.

Additional details and links regarding the vulnerabilities found, and instructions for uninstalling QuickTime for Windows, have been summarized by US-CERT here.

IMPACT on EdGCM: The EdGCM 4D interface relies on QuickTime to provide compression capabilities for some of the visual elements. Uninstalling QuickTime for Windows will not prevent EdGCM from working; however, navigation through the interface is more difficult because the visual elements are no longer rendering properly.

SOLUTION: The vulnerabilities identified by ZDI affect the video player component of QuickTime, but not the data compression/encoding components of the software (also known as codecs). Since EdGCM only needs the QuickTime codecs, Apple’s QuickTime software should be uninstalled, and a compatible QT codec pack from an alternate source should be installed. With the alternate QT codecs installed, the EdGCM 4D interface’s appearance will return to normal.

We have tested the following alternate free QT codecs with EdGCM, but any alternate QT codec pack should work:

  • QuickTime Alternative 3.2.2
  • QT Lite 4.1.0
  • Users installing EdGCM for the first time on a Windows machine can de-select QuickTime during the EdGCM installation process, and then later install an alternate QT codec pack as described above.