Apple fixes flaw in iTunes
Apple has released iTunes version 9.2.1 to close a security-relevant vulnerability: In the Windows versions of iTunes up to version 9.2, attackers can use specially crafted itpc: URLs to provoke a buffer overflow and execute arbitrary code. The hole can be exploited remotely, for instance via specially crafted web pages.
Mac users also benefit from the update: for instance, Apple has resolved a problem with encrypted back-ups that occurred when updating iPod touch and iPhone devices to iOS 4.0. Apple also say that initial synchronisation now works more smoothly with certain devices, and that they have disabled obsolete, and therefore incompatible, third-party plug-ins.
- About the security content of iTunes 9.2.1, security advisory from Apple.