Apple is no longer issuing security updates for QuickTime on Windows.

As with any software that no longer has support, the best course of action right now is to get rid of QuickTime if you use Windows.

Who’s affected?

Anyone on any version of Windows with QuickTime installed is currently vulnerable to attack.

Apple is continuing support for QuickTime for OS X, so Mac users aren’t affected by these security flaws.

How bad is it?

Currently, there are two known security flaws in QuickTime. Both are serious issues, allowing an attacker to execute arbitrary code remotely when a user visits a certain web page or opens a file. Any and all information on your computer or network is at risk.

More issues could arise as time goes on. At the moment, there don’t seem to be any large-scale attacks based on these flaws. However, these could start at any time.

What should I do?

The only way to be safe is to completely remove QuickTime from all of your Windows machines. Uninstall all versions of QuickTime, no matter what kind of security measures are already in place. The vulnerabilities are bad enough at the moment and there may be worse ones discovered or created as time goes on.

Learn more

To learn more about the issue and the security vulnerabilities, visit the sources below:

https://blog.trendmicro.com/urgent-call-action-uninstall-quicktime-windows-today/

https://zerodayinitiative.com/advisories/ZDI-16-241/

https://zerodayinitiative.com/advisories/ZDI-16-242/