Software security firm Trend Micro on Thursday announced the discovery of two new flaws in QuickTime for Windows, adding that Apple has plans to deprecate support for the software.
As noted by Reuters, the Department of Homeland Security's United States Computer Emergency Readiness Team (US-CERT) issued an alert on Thursday notifying PC users of the QuickTime vulnerability, saying the "only mitigation available is to uninstall QuickTime for Windows." Trend Micro also recommends a complete uninstall, noting Apple will no longer patch security holes in the software.
According to a separate report from The Register, Apple in March informed Trend Micro that QuickTime "would be deprecated on Windows and the vendor would publish removal instructions for users." The security firm notified Apple of the flaws last November.
Both vulnerabilities involve heap overflows that can be triggered when a victim visits a malicious website or opens a tainted file. Attackers normally leverage bugs of this kind to execute code on a target computer, usually with the end goal of gleaning sensitive data or inserting malware.
"We're not aware of any active attacks against these vulnerabilities currently," said Christopher Budd, Trend Micro's global threat communications manager. "But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it."
QuickTime for Windows was last updated in January.