QuickTime and iTunes DoS exploit released

A new buffer overflow vulnerability could crash the most current version of the applications or allow malicious code to run on a compromised computer. No patch is available.

by Robert Vamosi / September 18, 200811:24 AM PDT

Security

September 18, 200811:24 AM PDT

by Robert Vamosi

A serious new flaw was disclosed on Thursday that affects the latest versions of Apple's QuickTime and iTunes applications.

The National Vulnerability Database entry CVE-2008-4116 describes a heap-based buffer overflow vulnerability within Apple's QuickTime 7.5.5 and iTunes 8.0 programs.

To infect a computer, a maliciously coded long-type attribute within a QuickTime tag might be placed on a Web page, or within a .mp4 or .mov file. This could allow remote attackers to crash the applications (known as a denial of service) or possibly execute arbitrary code on a compromised computer.

The announcement comes one week after Apple patched nine security flaws in its media player and fixed Windows Vista problems within its recently updated online music service.

At the moment, there is no recommended workaround or patch available for the code exploit.

Apple did not reply to a request for comment.

Featured Video

Drag

QuickTime and iTunes DoS exploit released

Security

Discuss: QuickTime and iTunes DoS exploit released

Featured Video

The updated Galaxy Note 7 is still having battery issues

SpaceX plans mission to Mars. Chinese Note 7 explodes. Amazon wants to deliver inside your home.