In association with heise online

07 September 2007, 09:08

Apple fixes critical hole in iTunes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Apple has released an iTunes update for Mac and Windows to fix a hole that can be exploited by attackers to infect systems with maliciously crafted music files. Apple reports that opening such files with iTunes may lead to a buffer overflow triggered when album cover art is processed. According to David Thiel of security service provider iSEC Partners the flaw depends on the parsing of the 'covr' atom of an MP4/AAC file.

The current versions for Mac OS X v10.3.9, Mac OS X v10.4.7, Windows XP and Vista are available for download on the Apple website.

See also:

  • About the security content of iTunes 7.4, security advisory by Apple
  • [ iTunes 7.3.x - Heap overflow in album cover parsing], security advisory by iSec


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit