The United States Computer Emergency Readiness Team, US-CERT, issued an alert on Thursday advising Windows PC users to uninstall Apple’s QuickTime video player.
The alert warned of two new critical vulnerabilities discovered in the Windows version of the software, while adding that Apple will no longer be providing security updates for the particular version.
As a result, the software is left vulnerable to exploitation.
“Computer systems running unsupported software are exposed to elevated cybersecurity dangers, such as increased risks of malicious attacks or electronic data loss,” read the US-CERT alert.
“Exploitation of the QuickTime for Windows vulnerabilities could allow remote attackers to take control of affected systems,” US-CERT warned.
Security software maker Trend Micro first discovered the bugs and released two advisories in accordance with its Zero Day Initiative, which applies when a vendor does not issue a security patch for a disclosed vulnerability.
According to Trend Micro, both vulnerabilities have a CVSS 2.0 score of 6.8.
Christopher Budd, Global Threat Communications at Trend Micro, explained in a blog post:
“Both of these are heap corruption remote code execution vulnerabilities. One vulnerability occurs when an attacker can write data outside of an allocated heap buffer. The other vulnerability occurs in the stco atom where, by providing an invalid index, an attacker can write data outside of an allocated heap buffer. Both vulnerabilities would require a user to visit a malicious web page or open a malicious file to exploit them. And both vulnerabilities would execute code in the security context of the QuickTime player, which in most cases would be that of the logged-on user.”
As of now, Trend Micro said it was not aware of any active attacks targeting those specific vulnerabilities. However, it stressed that the only possible mitigation is to get rid of the program.
Users can find information on how to uninstall the software on Apple’s website: https://support.apple.com/HT205771
The flaws do not affect QuickTime for Mac OS X.
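
Before uninstalling, administrators may want to confirm which Windows machines still carry the player. The PowerShell check below is an added example, not code from US-CERT, Trend Micro or Apple; it reads the standard Windows uninstall registry keys, and the `QuickTime*` display-name pattern and the function name `Find-QuickTimeInstall` are assumptions made for illustration.

```powershell
# Added example: inventory check for QuickTime for Windows.
# Assumption: the installer registers a DisplayName beginning with "QuickTime".
function Find-QuickTimeInstall {
    [CmdletBinding()]
    param(
        [string]$NamePattern = 'QuickTime*'   # assumed display-name pattern
    )

    # Standard per-machine (64-bit and 32-bit view) and per-user uninstall keys.
    $uninstallRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )

    foreach ($root in $uninstallRoots) {
        # WOW6432Node is absent on 32-bit Windows; skip roots that do not exist.
        if (-not (Test-Path -Path $root)) { continue }

        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $entry = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            # Many subkeys (patches, components) have no DisplayName; ignore them.
            if ($entry -and $entry.PSObject.Properties['DisplayName'] -and
                $entry.DisplayName -like $NamePattern) {
                [pscustomobject]@{
                    ComputerName    = $env:COMPUTERNAME
                    DisplayName     = $entry.DisplayName
                    DisplayVersion  = $entry.DisplayVersion
                    Publisher       = $entry.Publisher
                    UninstallString = $entry.UninstallString
                    RegistryKey     = $_.Name
                }
            }
        }
    }
}

# Report every matching entry, or state that none was registered.
$found = @(Find-QuickTimeInstall)
if ($found.Count -eq 0) {
    Write-Output 'QuickTime for Windows: no uninstall entry found.'
} else {
    $found | Format-List
}
```

A match only shows that an uninstall entry is registered; review the `Publisher` field to rule out unrelated products that share the name prefix.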