Apple deprecates QuickTime for Windows with two security holes unpatched: Trend Micro

If you are still using QuickTime for Windows now is the time to uninstall it, as the software will not be supported by Apple in the future.
Written by Chris Duckett, Contributor

Apple has left users of its QuickTime for Windows software high and dry, and is recommending that the multimedia player be uninstalled, according to Trend Micro.

The security company said in a blog post that a pair of critical security vulnerabilities discovered by Steven Seeley of Source Incite would remain forever unfixed.

"These advisories are being released in accordance with the Zero Day Initiative's Disclosure Policy for when a vendor does not issue a security patch for a disclosed vulnerability," Trend Micro said. "Because Apple is no longer providing security updates for QuickTime on Windows, these vulnerabilities are never going to be patched."

"We're not aware of any active attacks against these vulnerabilities currently."

Both vulnerabilities allow for arbitrary code execution if the user opens a malicious web page or file, and allows the attacker to execute arbitrary code under the context of the QuickTime player by writing data outside of a heap buffer.

In its security advisories, Trend Micro said it was told by Apple in March that the Windows version of QuickTime would be deprecated.

"Ultimately the right answer is to follow Apple's guidance and uninstall QuickTime for Windows," the company said.

Off the back of Trend Micro's findings, US-CERT has issued an alert recommending QuickTime for Windows be uninstalled.

Editorial standards