Apple Ships Critical iTunes for Windows Patch

2010-07-19T22:01:10
ID THREATPOST:25DECF7CB05DAA8BA59180E8B5B5FC2C
Type threatpost
Reporter Ryan Naraine
Modified 2018-08-15T12:23:22

Description

Apple has shipped a critical iTunes update to fix a security vulnerability that exposes Windows users to malicious hacker attacks.

The latest iTunes 9.2.1 is available for Windows XP, Windows Vista and Windows 7.

From Apple’s advisory:

A buffer overflow exists in the handling of “itpc:”URLs. Accessing a maliciously crafted “itpc:” URL may lead to anunexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking.

The patched iTunes 9.2.1 is available from Apple’s download website.