Apple stops patching QuickTime for Windows despite 2 active vulnerabilities

by Dan Goodin -

If your Windows computer is running Apple's QuickTime media player, now would be a good time to uninstall it.

The Windows app hasn't received an update since January, and security researchers from Trend Micro said it won't receive any security fixes in the future. In a blog post published Thursday, the researchers went on to say they know of at least two reliable QuickTime vulnerabilities that threaten Windows users who still have the program installed.

"We’re not aware of any active attacks against these vulnerabilities currently," they wrote. "But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it."

The retirement of QuickTime for Windows has been in the planning stages for at least a few months, and possibly much longer. Apple has never supported QuickTime for Windows 8 or 10, although some users found ways to work around the restriction. What's more, the January update removed the browser plugin for QuickTime, making it impossible for video on websites to seamlessly play in a user's browser. As a result, there's little chance QuickTime vulnerabilities could be harnessed into a drive-by download exploit. Instead, exploits would have to rely on social engineering that convinces a user to download a video and open it in QuickTime.

Even so, Apple officials should have shown the courtesy to tell Windows users QuickTime was no longer receiving security updates, rather than leaving it to Trend Micro. At least Apple's website provides removal instructions here. A fun fact from the Microsoft antitrust trial in 1998: A year earlier, during some of Apple's darkest moments as a viable company, a Microsoft official allegedly attempted to force it to abandon QuickTime so Microsoft could have the media playback market to itself. "'Are you asking us to knife the baby?'" then Apple senior VP Avadis Tevanian Jr said during dramatic testimony, quoting a fellow Apple executive who attended the meeting. "'Yes, we want you to knife the baby.'" Teveanian continued, in an alleged paraphrase of Microsoft official Christopher Phillips. "It was very clear."