Apple deprecates QuickTime for Windows with two security holes unpatched: Trend Micro

Apple has left users of its QuickTime for Windows software high and dry, and is recommending that the multimedia player be uninstalled, according to Trend Micro.

The security company said in a blog post that a pair of critical security vulnerabilities discovered by Steven Seeley of Source Incite would remain forever unfixed.

"These advisories are being released in accordance with the Zero Day Initiative's Disclosure Policy for when a vendor does not issue a security patch for a disclosed vulnerability," Trend Micro said. "Because Apple is no longer providing security updates for QuickTime on Windows, these vulnerabilities are never going to be patched."

"We're not aware of any active attacks against these vulnerabilities currently."

Both vulnerabilities allow for arbitrary code execution if the user opens a malicious web page or file, and allows the attacker to execute arbitrary code under the context of the QuickTime player by writing data outside of a heap buffer.

In its security advisories, Trend Micro said it was told by Apple in March that the Windows version of QuickTime would be deprecated.

"Ultimately the right answer is to follow Apple's guidance and uninstall QuickTime for Windows," the company said.

Off the back of Trend Micro's findings, US-CERT has issued an alert recommending QuickTime for Windows be uninstalled.

Security

Do you need antivirus on Linux?

6 ways to protect yourself from getting scammed online, by phone, or IRL

The best VPN free trials for 2024

8 habits of highly secure remote workers

How to find and remove spyware from your phone

• Do you need antivirus on Linux?
• 6 ways to protect yourself from getting scammed online, by phone, or IRL
• The best VPN free trials for 2024
• 8 habits of highly secure remote workers
• How to find and remove spyware from your phone