Apple updated its iTunes software this week following the discovery of a security bug that leaves open a way to compromise vulnerable systems.

A bug in code used by iTunes to parse .m3u and .pls playlists means a maliciously-crafted playlist (with long URL file entries) can crash vulnerable versions of the application. In the process, hostile code can be injected into vulnerable systems. This is a classic buffer overflow attack.

iTunes users are advised to update to version 4.7.1 (http://www.apple.com/support/downloads/itunes471.html) to guard against the risk of attack. Hymn users, beware: the upgrade breaks (http://www.theregister.co.uk/2005/01/13/apple_breaks_hymn/) this anti-DRM utility.

Security reporting firm Secunia rates (http://secunia.com/advisories/13804) the iTunes bug as "highly critical". Exploitations of both Mac OS and Windows machines running iTunes is possible - providing an attacker tricks a user opening a malicious playlist file with a vulnerable version of iTunes.

The vuln was discovered by Sean de Regge and is explained here (http://idefense.com/application/poi/display?id=180&type=vulnerabilities). ®

Related stories

Trojans exploit Windows DRM loophole (http://www.theregister.co.uk/2005/01/13/drm_trojan/)
Apple brings discord to Hymn (http://www.theregister.co.uk/2005/01/13/apple_breaks_hymn/)
Unholy trio of RealOne Player holes unearthed (http://www.theregister.co.uk/2004/02/06/unholy_trio_of_realone_player/)
Windows-style security hell stalks Mac OS X? Yeah, you wish (http://www.theregister.co.uk/2003/12/16/windowsstyle_security_hell_stalks_mac/)
Macworld: Spotlight, trinkets, mark-ups, and middle-class angst (http://www.theregister.co.uk/2005/01/14/macworld_2005_roundup/)