A serious new flaw was disclosed on Thursday that affects the latest versions of Apple's QuickTime and iTunes applications.
The National Vulnerability Database entry CVE-2008-4116 describes a heap-based buffer overflow vulnerability within Apple's QuickTime 7.5.5 and iTunes 8.0 programs.
To infect a computer, a maliciously coded long-type attribute within a QuickTime tag might be placed on a Web page, or within a .mp4 or .mov file. This could allow remote attackers to crash the applications (known as a denial of service) or possibly execute arbitrary code on a compromised computer.
The announcement comes one week after
At the moment, there is no recommended workaround or patch available for the code exploit.
Apple did not reply to a request for comment.
Discuss: QuickTime and iTunes DoS exploit released
Be respectful, keep it civil and stay on topic. We delete comments that violate our policy, which we encourage you to read. Discussion threads can be closed at any time at our discretion.