On Thursday, Trend Micro announced that Apple will no longer provide security updates for the QuickTime for Windows platform.
This update comes on the same day that ZDI disclosed two vulnerabilities in the Quicktime, which if exploited could lead to remote code execution. The vulnerabilities are heap corruption flaws that require users to visit a malicious webpage, making them perfect for drive-by downloads and phishing attacks.
“We’re not aware of any active attacks against these vulnerabilities currently. But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it,” Christopher Budd of Trend Micro wrote on the company blog.
“In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities and subject to ever increasing risk as more and more unpatched vulnerabilities are found affecting it.”
Plenary Technology recommends that you uninstall Quicktime from all machines as soon as possible and remove the plug-in from your browser if installed.
As always, your comments and questions are welcome.
Keep your company safe from malware. Give us a call at (866) 753-6279 or shoot us an email. Will be happy to help.