In a blog post today, security researchers at Trend Micro have announced the discovery of two new critical vulnerabilities in QuickTime for Windows. While Trend Micro says it is not aware of any active attempts to exploit the vulnerabilities, the firm revealed that Apple is deprecating QuickTime for Windows, indicating the two flaws will not be fixed in the future.
From Trend Micro:
We're not aware of any active attacks against these vulnerabilities currently. But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it. In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities and subject to ever increasing risk as more and more unpatched vulnerabilities are found affecting it.
The U.S. government's Computer Emergency Readiness Team has also recommended that all Windows users uninstall QuickTime in response to Trend Micro's report:
Computers running QuickTime for Windows will continue to work after support ends. However, using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows.
