Yesterday US-CERT released a security alert about two new vulnerabilities discovered in QuickTime for Windows. Both of these vulnerabilities are classified as critical, as they could allow attackers to remotely execute commands on vulnerable computers. Since Apple has stated that they are no longer supporting QuickTime for Windows and that these vulnerabilities will not be fixed, it is important that everyone uninstall QuickTime from their computer.

Apple's reaction to these vulnerabilities has been disappointing, to say the least. If they are no longer supporting the product and it is known to contain two critical vulnerabilities, then why are they still offering this vulnerable program via their Apple Software Update program?

Apple update still offering QuickTime

I would expect that QuickTime will be pulled from the updates soon, so if this program is something that you absolutely require, I suggest you download it and only install it as needed.
