If your Windows PC still runs Apple’s QuickTime, it’s time to find another video player.

The Department of Homeland Security just issued a warning that recommends removing QuickTime for Windows after cybersecurity firm Trend Micro reported finding two “critical vulnerabilities” in the program, which Apple will no longer be providing security updates for.

Software often stills works after a company ends support, but users are left at risk because newly discovered security problems won’t be fixed. The warning only applies to the Windows version of QuickTime, so Mac users don’t need to worry about it.

Apple did not immediately respond to a request for comment, but QuickTime for Windows has been on the decline for awhile. Apple never supported the program for Windows 8 or 10 — the two most recent flavors of Microsoft’s operating system — and its last security update was in January.

In a blog post Thursday, Trend Micro wrote that it had reported two major bugs in the software to Apple but that the tech giant didn’t fix them. The flaws could be exploited by a cybercriminal to attack computers when users visit a malicious website or open an unsafe file, according to the cybersecurity firm.

Trend Micro isn’t aware of any attacks currently leveraging the vulnerabilities, but it said that “the only way to protect your Windows systems from potential attacks against these or other vulnerabilities in Apple QuickTime now is to uninstall it.”

Although few Windows users probably still rely on QuickTime, the software issue highlights security challenges facing typical users: It can be hard to keep track of when software is so obsolete that it becomes a risk.

Apple has posted instructions for how to remove QuickTime for Windows on its site, but there does not appear to be any announcement about ending security updates for the program.

Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.

filed under: