Apple’s QuickTime software is vulnerable to two critical security flaws that will never be fixed.
As a result, users are being advised to uninstall the software from their Windows machines to avoid being hacked. The news comes from security firm Trend Micro, who revealed on its blog that Apple has ‘deprecated’ (read: stopped development) on the Windows version of the software. QuickTime for Windows was last updated in January. The exploit does not affect QuickTime for Mac’s OS X operating system.
Related: Best free antivirus software
Normally a security company would not reveal security holes in software until after they have been patched but in this case Trend Micro chose to reveal the flaw after Apple confirmed it would not be patching them.
The security firm is at pains to point out that no known attacks have been carried out in relation to the flaw, but of course this does not mean some sneaky crims will try and use it in the future.
The flaws are both what’s known as ‘heap corruption remote code execution’ vulnerabilities. This is a fairly common type of exploit that allows hackers to write and execute malicious code outside of the QuickTime player itself. This could only work under very specific circumstances; it would have to be related to a specific, malicious file or webpage that is designed to take advantage of the exploit.
Ultimately, you’re probably not at huge risk of you’re using QuickTime to play files already on your PC. Still, there are other pieces of free software you can use to play the files you normally play in QuickTime, such as VLC.
If you’re for some reason still using a QuickTime browser plug-in, such as for Internet Explorer, you should seriously reconsider this decision and uninstall the program. You can follow Apple’s uninstallation instructions to do this.
We have asked Apple to confirm that it has ceased development of QuickTime for Windows, and will update this article if we get a response.
Do you still use QuickTime? Let us know in the comments.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
