Apple issues security update for iTunes

Flaw concerns the way that iTunes processes album cover art; security fix includes both Mac and Windows versions.

Apple on Thursday morning issued a security update for iTunes. The update is for users of Mac OS X v10.3.9, Mac OS X v10.4.7 or later, and Windows XP and Vista. It addresses a vulnerability identified as CVE-2007-3752.

According to Apple, a buffer overflow exists in the way that iTunes processes album cover art. By enticing a user to open a maliciously crafted music file, an attacker may trigger the overflow, which may lead to an unexpected application termination or arbitrary code execution. Apple credits David Thiel of iSEC Partners for reporting this vulnerability.
