Got QuickTime for Windows on your system? Uninstall it now. It has security flaws that could damage your system.
Both of the vulnerabilities – ZDI-16-241 and ZDI-16-242 – are heap-corruption-based remote code execution vulnerabilities.
An attacker can exploit these flaws to hijack a victim's PC and infect it with malware, simply by tricking them into opening a malicious file or web download. Apple's response: uninstall QuickTime for Windows.
"We're not aware of any active attacks against these vulnerabilities currently. But the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it," said Christopher Budd, global threat communications manager at Trend Micro, on Thursday.
"In this regard, QuickTime for Windows now joins Microsoft Windows XP and Oracle Java 6 as software that is no longer being updated to fix vulnerabilities, and subject to ever-increasing risk as more and more unpatched vulnerabilities are found affecting it."