Apple has officially issued an end-of-life notice for its QuickTime multimedia software on Windows, announcing that it will no longer produce security updates even as two zero-day vulnerabilities are known to be in the wild.
Applicable only to QuickTime for Windows - the OS X release remains supported, at least for now - the cessation of support for Apple's multimedia software on its rival's operating system is cause for concern: the Zero Day Initiative has released two vulnerabilities, ZDI-16-241
, which are rated as critical - and while it has no confirmation of active attacks against the vulnerabilities as yet, with knowledge of them now public it's likely only a matter of time before the first malware designed to exploit the holes is released.
With Apple pulling support, the message from all parties is clear: if you're running QuickTime for Windows, you need to uninstall it sooner rather than later. The scope of the vulnerabilities is serious enough that the US Computer Emergency Readiness Team (US-CERT) has published an advisory
warning users that 'the only mitigation available is to uninstall QuickTime for Windows
' and pointing people to Apple's official uninstallation guide
'The only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it,
' added Trend Micro's Christopher Budd. 'In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities and subject to ever increasing risk as more and more unpatched vulnerabilities are found affecting it.