On April 14th news broke via Trend Micro security that Apple is deprecating support for QuickTime for Windows, despite the fact there are two critical vulnerabilities affecting the package, both of which were identified by Trend Micro under their Zero Day Initiative (ZDI), which will not be patched by Apple despite the fact information on both vulnerabilities, as specified in Trend Micro advisories ZDI-16-241 and ZDI-16-242 being passed to Apple in November 2015.
As a result of these vulnerabilities, which could leave Windows systems vulnerable to hijacking – although Trend Micro stress that there is no evidence so far of either being actively exploited – is to uninstall QuickTime for Windows (QuickTime for OSX is not affected).
The advice on uninstalling has most notably come from Trend Mirco, with the call being repeated across other on-line tech media, such as eWeek and The Register. Apple apparently opted to take the route of deprecating in March 2016 – but hasn’t really gone out of its way to really tell QuickTime for Windows users it is doing so, as ExtremeTech points out: the QuickTime for Windows landing page doesn’t reflect the status of the software, but simply references the “more secure” January update, while the Apple software update tool still pushed QuickTime at Windows users.
Obviously, the advisory is something all Windows users should heed. With or without the current ZDI vulnerabilities, the application has reached the end of its supported life. However, as Crap Mariner has been pointing out, there are still media systems which utilise QuickTime for streaming into Second Life, many within public cinemas across the grid. While it might be argued has to how widely such facilities are used, the Trend Micro advisory does heighten the need for in-world systems reliant on QuickTime to be updated / replaced.