Apple issues security update for iTunes

Flaw concerns the way that iTunes processes album cover art; security fix includes both Mac and Windows versions.

Apple on Thursday morning issued a security update for iTunes. The update is for users of Mac OS X v10.3.9, Mac OS X v10.4.7 or later and Windows XP and Vista. It addresses a vulnerability identified in CVE-2007-3752.

According to Apple, opening a maliciously crafted music file may lead to an unexpected application termination or arbitrary code execution. Specifically, a buffer overflow exists in the way that iTunes processes album cover art. By enticing a user to open a maliciously crafted music file, an attacker may trigger the overflow, which may lead to an unexpected application termination or arbitrary code execution. Apple credits David Thiel of iSEC Partners for reporting this vulnerability.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Man flies 54-propeller superdrone, almost flips it, Ep. 217

This week on Crave, we walk you through a futuristic new automated restaurant in San Francisco, get navigation directions from the sultry voice of Stephen Colbert on Waze, and fly a drone with 54 propellers that can carry a full-grown man. It's the Crave show!

by Stephen Beacham