While the Mac version of QuickTime continues be well-supported and protected from security flaws, Apple has quietly revealed that it will no longer update QuickTime for Windows and is "cutting the program loose," according to Trend Micro. The data security and anti-malware company says that while there are no attacks in the wild at present exploiting the critical QuickTime flaws, users can only prevent future attacks by uninstalling the program. Trend Micro reported the two flaws it found to Apple, and was told that the company
will not fix them on Windows.
Both of the two vulnerabilities are heap-corruption-based, and could allow for remote code execution that would allow an attacker to hijack a Windows PC and infect it with malware through trojan applications or malicious web pages users may visit or download. "In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities, and subject to ever-increasing risk as more and more unpatched vulnerabilities are found affecting it," said Trend Micro Global Threat Communications Manager Christopher Budd.
"We're not aware of any active attacks against these vulnerabilities currently, but the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to
uninstall it," he added. Apple has offered no official comment on the matter, and appears to have only told Trend Micro that it was dropping support for the program, which was last updated with security and other fixes in January. Trend Micro said it reported the flaws to Apple last November.
In response to Trend Micro's discovery, Apple reportedly said that "the product would be deprecated on Windows and the vendor would publish removal instructions for users." Apple has not yet made any official announcement or published any new tech notes regarding Windows QuickTime, which has been supported on the Microsoft platform for two decades. It appears that it is only the standalone program, rather than the underlying technologies, that will be deprecated -- since QuickTime is a key element of the engine that drives audio, video, and other media playback on iTunes.