Apple Zaps Critical iTunes Security Bug

2009-09-23T11:40:00
ID APPLE-ZAPS-CRITICAL-ITUNES-SECURITY-BUG-092309/72216
Type threatpost
Reporter Ryan Naraine
Modified 2013-04-17T16:39:50

Description

Apple has shipped iTunes 9.0.1 to fix a critical security hole that puts Mac and Windows users at risk of computer takeover attacks.

The vulnerability could be used by hackers to launch code execution attacks via booby-trapped “.pls” files, Apple warned in an advisory.

The skinny:

  • Impact: Opening a maliciously crafted .pls file may lead to an unexpected application termination or arbitrary code execution
  • Description: A buffer overflow exists in the handling of .pls files. Opening a maliciously crafted .pls file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.

The update is available for Mac OS X v10.4.11 or later, Mac OS X Server v10.4.11 or later, Windows XP, Vista and Windows 7.
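The advisory names the fix only as "improved bounds checking" and does not say which part of the .pls handling was affected. As an added illustration (not Apple's code; the function name, status codes and buffer size are assumptions), this is what a length check before the copy looks like for one `FileN=` playlist entry:

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum pls_status { PLS_OK = 0, PLS_NO_MATCH = -1, PLS_TOO_LONG = -2 };

/* Parse one "<key><index>=<value>" line (e.g. "File1=...") into a
 * fixed-size buffer. The value length is measured and compared with
 * outsz BEFORE any copy, so an oversized entry is rejected instead of
 * being written past the end of out. */
enum pls_status pls_parse_entry(const char *line, const char *key,
                                unsigned *index, char *out, size_t outsz)
{
    size_t klen = strlen(key);
    if (outsz == 0 || strncmp(line, key, klen) != 0)
        return PLS_NO_MATCH;

    const char *p = line + klen;
    if (!isdigit((unsigned char)*p))
        return PLS_NO_MATCH;
    unsigned n = 0;
    int digits = 0;
    while (isdigit((unsigned char)*p) && digits < 6) { /* cap digits: n cannot wrap */
        n = n * 10 + (unsigned)(*p - '0');
        p++;
        digits++;
    }
    if (*p++ != '=')
        return PLS_NO_MATCH;

    size_t vlen = strcspn(p, "\r\n"); /* value ends at end of line or NUL */
    if (vlen >= outsz)                /* leave room for the terminator */
        return PLS_TOO_LONG;

    memcpy(out, p, vlen);
    out[vlen] = '\0';
    *index = n;
    return PLS_OK;
}

int main(void)
{
    char url[256]; /* constructed limit and sample line for this example */
    unsigned idx = 0;
    enum pls_status s = pls_parse_entry("File1=http://radio.example/stream\r\n",
                                        "File", &idx, url, sizeof url);
    printf("status=%d index=%u value=%s\n", s, idx, s == PLS_OK ? url : "");
    return 0;
}
```
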