The time has come to deinstall QuickTime from your Windows machine.
Trend Micro’s Zero Day Initiative has just released advisories (ZDI-16-241 and ZDI-16-242) detailing two new, critical, remote code execution vulnerabilities affecting QuickTime for Windows, but Apple is not going to fix them.
Apple has decided to deprecate the popular multimedia framework for Microsoft Windows, and will no longer be issuing security updates for it. Their advice to users: uninstall it.
“Most recent media-related programs for Windows – including iTunes 10.5 or later – no longer use QuickTime to play modern media formats,” Apple explained.
“Uninstalling QuickTime 7 also removes the legacy QuickTime 7 web plug-in, if present. Websites increasingly use the HTML5 web standard for a better video-playback experience across a wide range of browsers and devices, without additional software or plug-ins. Removing legacy browser plug-ins enhances the security of your PC.”
Trend Micro’s global threat communications manager Christopher Budd said that they are not aware of any active attacks against these vulnerabilities at the moment.
But even though computers running QuickTime for Windows will continue to work after support ends, he echoed Apple’s advice of uninstalling QuickTime.
“QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities and subject to ever increasing risk as more and more unpatched vulnerabilities are found affecting it,” he pointed out.
QuickTime on Mac OSX continues to be supported.