Apple has advised QuickTime users on Windows to uninstall the app to avoid being hacked. TrendMicro, that first discovered the flaws has suggested users in following Apple guidelines for uninstalling the app.
Security firm Trend Micro has issued an alert to all users of QuickTime on Windows claiming the app poses a severe security risk for them.
At least two critical security flaws have been discovered by Trend Micro details of which were made available to Apple. However, the Cupertino company had ruled out issuing any security patch to cover the immediate risks. Instead, the company has said they would stop supporting the app on Windows and the best protection for Windows users at the moment would be to uninstall the app as a whole.
QuickTime for Mac OS X though continues to be fed well with Apple extending full support to the app.
Trend Micro said the two vulnerabilities designated ZDI-16-241 and ZDI-16-242 are ‘heap-corruption-based remote code execution vulnerabilities.’ Both of these can be exploited by hackers to infect a Windows PC with malware by luring in unsuspecting users into downloading or opening a file containing malicious codes.
Trend Micro though said they are yet to come across any information about a Windows PC being compromised using the above-mentioned vulnerabilities, though an attack in future can’t be ruled out either.
“In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities, and subject to ever-increasing risk as more and more unpatched vulnerabilities are found affecting it,” wrote Christopher Budd, Global Threat Communications at Trend Micro.
Apart from Trend Micro, the US Department of Homeland Security too has advised users of the QuickTime app on Windows to uninstall the same to ensure their system remains safe from hacking attempts.
Apple had last issued security patches for QuickTime in January this year. However, it was in March that the Cupertino giant had made it known to The Register about their plans to deprecate support for the app. Trend Micro also claimed they had first reported of the security flaws to Apple on November 11, 2015.
This would also mark the end of a fairly long stint spanning over two decades of the Apple software on the Windows platform. While exact user base figures aren’t available at the moment, those are projected to be substantial.
Both Apple and Microsoft have declined to comment on this just yet.