iTunes 4.7.1: Security Enhancements

Apple quietly introduced some significant security enhancements with the iTunes 4.7.1 release, making it an important upgrade for all customers.

The update resolves a flaw where malicious playlists can cause iTunes to crash and could execute arbitrary code

Apple's description reads "iTunes supports several common playlist formats. iTunes 4.7.1 fixes a buffer overflow in the parsing of m3u and pls playlist files that could allow earlier versions of iTunes to crash and execute arbitrary code. Credit to Sean de Regge (seanderegge[at]hotmail.com) for discovering this issue, and to iDEFENSE Labs for reporting it to us."

For more information, and to download iTunes 4.7.1, visit http://www.apple.com/downloads/macosx/apple/itunes471.html.

Resources