Apple fixes flaw with iTunes update

New software addresses a vulnerability that allowed previous versions to crash and execute arbitrary code.

Dawn Kawamoto Former Staff writer, CNET News

Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.

Dawn Kawamoto

Jan. 12, 2005 12:49 p.m. PT

Apple on Tuesday released an update of its iTunes software to address a vulnerability that could cause earlier versions to crash and execute arbitrary code.

With previous versions, the flaw could allow an attacker to inject more data into a particular memory location than the program could accommodate, thereby allowing the attacker to take over a computer. The new software, iTunes 4.7.1, is available at Apple's Web site.

The update is available for Mac OS X, Microsoft Windows XP and Microsoft Windows 2000.

Apple has faced fewer security issues than Microsoft, with its prevalent Windows operating system. Still, Apple has garnered some attention from hackers.

Last August, a Norwegian hacker published the Apple AirPort Express public key, which Apple uses for encrypting music transmitted from iTunes to wireless base stations.