Feeds

Apple fixes critical iTunes bug

MPEG-4 peril alert

  • alert
  • submit to reddit

5 things you didn’t know about cloud backup

Music fans were this week urged to update their iTunes software following the discovery of a serious security bug that creates a means for hackers to take over vulnerable systems.

A bug in code used by iTunes 4.X to parse MPEG-4 files means that maliciously-crafted media files can crash vulnerable versions of the application. In the process, hostile code can be injected into vulnerable systems. A classic buffer overflow attack. iTunes users are advised to update to version 4.8, which features improved validation checks, to guard against possible exploitation.

Danish security reporting firm Secunia rates the iTunes bug as "highly critical". Exploitations of both Mac OS and Windows machines running iTunes is possible - providing an attacker tricks a user into opening a malicious MPEG-4 file with a vulnerable version of iTunes. The vulnerability was discovered by Mark Litchfield of NGS Software. ®

Related stories

Apple patches 'highly critical' iTunes bug
Apple mega-patch fixes 19 flaws
Mobile operators fight DRM corner

Next gen security for virtualised datacentres

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.