Skip to main content

Security Alert: Outdated iTunes Puts PC Users at Risk

If there's one thing we repeat like a mantra in Tom's Guide security stories, it's "keep your software patched." We don't just mean "keep your operating system patched;" we really mean "all of your software." A recent study suggests that Windows users are fond of Apple software, but neglect to keep it up to date, opening themselves up to all kinds of security vulnerabilities.

The information comes from Copenhagen-based security firm Secunia, in its Secunia PSI Country Report – Q3 2015. Each country surveyed, including the UK, the U.S. and Germany, has its own set of numbers, but the results are similar across the board. Windows users, at best, are inconsistent about keeping their Apple software up to date, and their lack of diligence comes at the price of approximately 130 potential points of attack.

MORE: Best Antivirus Software and Apps

The two major pieces of Apple software that Windows users like to install, according to Secunia, are QuickTime and iTunes. Approximately 55 percent of Windows machines have the former installed, while about 40 percent use the latter. Of those installations, 61 percent of the former are not up-to-date, while 47 percent of the latter remain unpatched. This means that more than half of Windows users with QuickTime are open to vulnerabilities, while the same holds true for just under half of Windows users with iTunes.

Older versions of QuickTime 7.x have 18 known vulnerabilities, while iTunes 12.x possesses a staggering 106. In the past, both programs have been hit by zero-day exploits, meaning that hackers can and will target these unpatched programs. As they are not Microsoft programs, just running Windows Update will not keep them updated; you'll actually need to open the programs once in a while, which is easier said than done if you're not heavily invested in the Apple ecosystem.

Of course, Apple programs are not the only potential source of grief for Windows fans. The Securia report also pointed to Adobe Reader, Oracle Java, VLC Media Player, Adobe Shockwave Player and Mozilla Firefox as software that goes perennially unpatched, despite exposing users to dozens of vulnerabilities. (We advocate that you uninstall Java and Shockwave, unless you really need them for something.)

Luckily, the fix here is quite simple. If you have any of these programs installed, just open them up and be connected to the Internet, and you'll probably get a prompt to install the latest versions. If not, go into the settings menu and select update, or just download new versions directly from Apple's website. Better yet: If you don't open them often enough to keep them up to date anyway, just uninstall them.