James Delahunty
7 Sep 2007 7:18
Apple Inc. has issued an update that addresses a vulnerability discovered in its iTunes multimedia software. The company has patched both Windows and Mac operating systems' version of the iTunes software. The iTunes v7.4 update adds support for using purchased music as ringtones and to buy songs wirelessly using iPhone or the recently unveiled iPod Touch.
The update also addresses a serious security vulnerability however, that could lead to a specially crafted music file crashing or giving an attacker control over a victims PC or Mac. "A buffer overflow exists in iTunes when processing album cover art," the company stated. "By enticing a user to open a maliciously crafted music file, an attacker may trigger the overflow which may lead to an unexpected application termination or arbitrary code execution."
Apple has issued more than 100 patches for ts Mac OS X operating system and applications this year and the iPhone received its first security patch in July. Apple credited iSEC Partners with the discovery of the latest iTunes vulnerability.
Source:
The Register