Apple plugs critical vulnerability in iTunes

Apple has released iTunes version 9.0.1 for Mac OS X and Windows. It fixes various bugs and one critical security vulnerability when processing playlists.

According to Apple, stability when synchronising programs for the iPod touch and iPhone and synchronising podcasts in playlists has been improved. The new version also fixes problems sorting multi-CD albums and a problem that caused unexpected crashes.

The security vulnerability allows attackers to use crafted playlists (*.pls) to trigger a buffer overflow, allowing code to be injected into and executed on a user's system. The update, which is just under 83 MB in size, can be downloaded from the Apple website or via Apple's Software Update system.

See also:

• About the security content of iTunes 9.0.1, advisory from Apple.

(crve)