Article

iTunes flaw could enable malicious code

SearchSecurity.com Staff

Apple Computer Inc. has patched a flaw attackers could potentially exploit in the popular iTunes music program to cause a denial of service or launch malicious code on victims' machines.

According to the company's advisory, the

    Requires Free Membership to View

AAC file-parsing code in iTunes versions prior to 6.0.5 contains an integer overflow vulnerability. "Parsing a maliciously-crafted AAC file could cause iTunes to terminate or potentially execute arbitrary code," Apple said.

The company added that iTunes 6.0.5 addresses the problem by improving the validation checks used when loading AAC files.

Danish vulnerability clearinghouse Secunia rated the iTunes flaw highly critical because attackers could exploit it from remote locations.

This is the second security update Apple has released in the last week. Tuesday, the company released Mac OS X version 10.4.7 to address multiple security holes in the operating system.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: