If you’re a PC user who still has QuickTime installed, you should heed the advice from the Department of Homeland Security and remove it. The DHS warning comes after researchers from Trend Micro found two critical security flaws in the multimedia program.
The security firm’s Zero Day Initiative released details of the two vulnerabilities yesterday, which could allow attackers to execute code on a target computer if a user visits a malicious website or opens a malicious file.
Trend Micro isn’t yet aware of any attacks that have used the flaws, but as Apple is deprecating support for QuickTime on the Windows platform, there aren't going to be any patches released that close them.
"We're not aware of any active attacks against these vulnerabilities currently," said Christopher Budd, Trend Micro's global threat communications manager. "But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it."
"In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities, and subject to ever-increasing risk as more and more unpatched vulnerabilities are found affecting it."
The Homeland Security warning comes via its Computer Emergency Readiness Team (CERT). "The only mitigation available is to uninstall QuickTime for Windows," the alert said. The vulnerabilities aren’t found in the Mac version of QuickTime, so iOS users don’t have to worry.
There are still a large number of Windows users that have QuickTime installed. For those wanting to keep their PCs safe, Apple provides a guide on how to remove the program.