In April 2016, Apple discontinued support for the Windows version of QuickTime. There will be no further updates or security patches for QuickTime on Windows. Apple also confirmed security gaps in QuickTime for Windows which have been discovered previously.
Since QuickTime is required for the video functions of Nuendo and Cubase, Steinberg software users are affected by this, too.
Among others, you will learn in this article how to minimize the securitiy risk, if you depend on the video function of Cubase and Nuendo under Windows.
What does the end of support for QuickTime for Windows mean to me as a Cubase/Nuendo user?
Regardless of Cubase/Nuendo, QuickTime constitutes a security risk on Windows systems.
If you do not use videos in Cubase/Nuendo, simply uninstall QuickTime as recommended by Apple via Control Panel > Programs and Features. Except for the video features, Cubase/Nuendo installations will remain fully functional.
If you rely on video functions, you should use Cubase/Nuendo preferably under Mac OS X only. This is the easiest and most secure solution - but obviously requires an Apple machine running Mac OS X. Alternatively, follow the instructions below on minimising the security risk involved by QuickTime for Windows.
What is the risk of security gaps in QuickTime for Windows?
This cannot be said precisely. According to reports, an attack through the security gaps in QuickTime for Windows is possible, but not highly likely. It also seem to require user actions like clicking internet links or opening malicious files. In any case, the risk increases constantly due to the missing security patches.
Will there be a Cubase/Nuendo version that is independent of QuickTime?
Certainly! We are already working on a solution that will supersede the QuickTime dependency of video functions in Cubase/Nuendo. However, we cannot name a time frame yet.
I depend on video functions in Cubase/Nuendo on Windows. What can I do?
If you need to work with videos in Cubase/Nuendo on a Windows machine, you should minimise the security risk by limiting the QuickTime installation to necessary components. Read on to find out how this can be achieved. However, only uninstalling QuickTime will remove the potential threat completely!
Please note that Steinberg cannot be held responsible for any damages caused by installing and/or using QuickTime!
If you already have installed QuickTime for Windows, please uninstall the Software via Control Panel > Programs and Features. Before you start, close all programs, particularly internet browsers.
Download QuickTime for Windows from Apple's website:
After having started the downloaded QuickTime installter, switch to 'Custom' mode instead of 'Typical'.
In the list of components, click on 'QuickTime Player' to open the options menu.
In the newly opened menu select the entry 'Entire feature will be unavailable' marked with a red cross.
All components except for 'QuickTime Essentials' should now be marked with a red cross and thus be disabled.
Click on [Next] and follow the instructions to complete the limited installation.
Even if the QuickTime installer is not asking, restart your system.
Now you have a QuickTime installation without QuickTime Player and the browser plug-in - which are the most vulnerable components.
In this way, the risk of an attack via the discovered security gaps in QuickTime for Windows has been reduced to the minimum.
However, videos containing malicious code still could do harm. Therefore you should only import video of verified origin in Cubase/Nuendo!
In general, security can also be increased by using a Windows user account that has no administrative permissions. In this case, Cubase/Nuendo must have been installed accordingly.