Apple Patches Vulnerability In iTunes For Windows
A bug in how iTunes for Windows XP and Windows 2000 parses MPEG4 files is at fault, Apple comfirmed. A maliciously-crafted MPEG4 audio file can create a buffer overflow, which could crash the program or give the attacker an opportunity to introduce code of his own.
Danish security firm Secunia rated the vulnerability as "Highly critical," its second-highest warning. This is the second bug in iTunes made public this year; in January, a flaw in the software's playlist might have allowed attackers to generate a buffer overflow. Apple posted a revised version, 4.7.1, the same day the vulnerability was disclosed.
iTunes 4.8 fixes plugs the hole, and can be downloaded from Apple's site or updated from within earlier editions of iTunes.
id
unit-1659132512259
type
Sponsored post