The United States Computer Emergency Readiness Team has today issued a new note in which it revealed that Apple has no further plans to provide security updates for QuickTime for Windows. The note follows an earlier report from Trend Micro and comes as two new vulnerabilities have been discovered that could affect QuickTime for Windows users.
The two new vulnerabilities are heap-corruption-based remote code execution vulnerabilities, which essentially means that an attacker could gain access to a user’s computer by tricking them in to downloading a file from the web. While there’s nothing currently taking advantage of this hole, now that it is out in the open, it shouldn’t be too much longer.
While Apple itself has been relatively quiet regarding its plans for QuickTime for Windows, the company reportedly told Trend Micro recently that “the product would be deprecated on Windows and the vendor would publish removal instructions for users.” Apple has yet to officially confirm this on their website, however.
With two new security vulnerabilities having been discovered and Apple having no plans to issue any more updates, the U.S. government says the best way for users to protect themselves is to uninstall QuickTime from their machines:
Computers running QuickTime for Windows will continue to work after support ends. However, using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows. Users can find instructions for uninstalling QuickTime for Windows on the Apple Uninstall QuickTime page.
Apple’s web plugin for QuickTime on Windows became disabled by default earlier this year and the company has never really updated the app to support Windows 8 and Windows 10, so today’s revelation is not an incredibly surprising one.
Image via BestWinSoft