Apple is pulling support for QuickTime for Windows on the heels of Trend Micro’s Zero Day Initiative’s discovery of two new, critical vulnerabilities affecting the software.
Detailed in this blog post, these are remote code execution vulnerabilities that could allow an attacker to gain control of the victim’s system. In an enterprise setting, this could mean opening the door for hackers to access larger, company-wide networks.
According to Christopher Budd, global threat communications manager at Trend Micro, there are no active attacks currently exploiting these vulnerabilities, however, they will never be patched.
“QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities and is therefore subject to ever increasing risk as more and more unpatched vulnerabilities are found affecting it,” said Budd. “Ultimately the right answer is to follow Apple’s guidance and uninstall QuickTime for Windows.”