In association with heise online

7 September 2007, 10:08

Apple fixes critical hole in iTunes

Apple has released an iTunes update for Mac and Windows to fix a hole that can be exploited by attackers to infect systems with maliciously crafted music files. Apple reports that opening such files with iTunes may lead to a buffer overflow triggered when album cover art is processed. According to David Thiel of security service provider iSEC Partners, the flaw depends on the parsing of the 'covr' atom of an MP4/AAC file.

The current versions for Mac OS X v10.3.9, Mac OS X v10.4.7, Windows XP and Vista are available for download on the Apple website.

See also:

  • About the security content of iTunes 7.4, security advisory by Apple
  • iTunes 7.3.x - Heap overflow in album cover parsing, security advisory by iSEC (https://www.isecpartners.com/advisories/2007-005-itunes.txt)

(mba)
