Apple issues security update for iTunes

Flaw concerns the way that iTunes processes album cover art; security fix includes both Mac and Windows versions.

by Robert Vamosi September 6, 2007 9:59 AM PDT

Apple on Thursday morning issued a security update for iTunes. The update is for users of Mac OS X v10.3.9, Mac OS X v10.4.7 or later and Windows XP and Vista. It addresses a vulnerability identified in CVE-2007-3752.

According to Apple, opening a maliciously crafted music file may lead to an unexpected application termination or arbitrary code execution. Specifically, a buffer overflow exists in the way that iTunes processes album cover art. By enticing a user to open a maliciously crafted music file, an attacker may trigger the overflow, which may lead to an unexpected application termination or arbitrary code execution. Apple credits David Thiel of iSEC Partners for reporting this vulnerability.

Don't Miss

How Facebook's Zucked-up IPO just killed the tech bubble
Internet & Media
Is NFC killing Google Wallet?
Mobile
Top-rated reviews of the week
Slideshow
iPad case with a secret identity
Review

Device & Conquer

Which TV is right for me?

LED, LCD and plasma: What's the difference, and which is the best?

Play Video

Apple issues security update for iTunes

Don't Miss

Featured Posts

Most Popular

About News Blogs

RSS

my Yahoo

Google

MSN

CNET Mobile Apps