Apple issues security update for iTunes

Flaw concerns the way that iTunes processes album cover art; security fix includes both Mac and Windows versions.

Apple on Thursday morning issued a security update for iTunes. The update is for users of Mac OS X v10.3.9, Mac OS X v10.4.7 or later and Windows XP and Vista. It addresses a vulnerability identified in CVE-2007-3752.

According to Apple, opening a maliciously crafted music file may lead to an unexpected application termination or arbitrary code execution. Specifically, a buffer overflow exists in the way that iTunes processes album cover art. By enticing a user to open a maliciously crafted music file, an attacker may trigger the overflow, which may lead to an unexpected application termination or arbitrary code execution. Apple credits David Thiel of iSEC Partners for reporting this vulnerability.

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Galleries from CNET
    Best mobile games of 2014
    Nissan gives new Murano bold style (pictures)
    Top great space moments in 2014 (pictures)
    This is it: The Audiophiliac's top in-ear headphones of 2014 (pictures)
    ZTE's wallet-friendly Grand X (pictures)
    Lenovo reprises clever design for the Yoga Tablet 2 (Pictures)