Apple has left users of its QuickTime for Windows software high and dry, and is recommending that the multimedia player be uninstalled, according to Trend Micro.
The security company said in a blog post that a pair of critical security vulnerabilities discovered by Steven Seeley of Source Incite would remain forever unfixed.
"These advisories are being released in accordance with the Zero Day Initiative's Disclosure Policy for when a vendor does not issue a security patch for a disclosed vulnerability," Trend Micro said. "Because Apple is no longer providing security updates for QuickTime on Windows, these vulnerabilities are never going to be patched."
"We're not aware of any active attacks against these vulnerabilities currently."
Both vulnerabilities allow for arbitrary code execution if the user opens a malicious web page or file, and allows the attacker to execute arbitrary code under the context of the QuickTime player by writing data outside of a heap buffer.
"Ultimately the right answer is to follow Apple's guidance and uninstall QuickTime for Windows," the company said.
Off the back of Trend Micro's findings, US-CERT has issued an alert recommending QuickTime for Windows be uninstalled.