Feeds

Apple fixes critical iTunes bug

MPEG-4 peril alert

  • alert
  • submit to reddit

Intelligent flash storage arrays

Music fans were this week urged to update their iTunes software following the discovery of a serious security bug that creates a means for hackers to take over vulnerable systems.

A bug in code used by iTunes 4.X to parse MPEG-4 files means that maliciously-crafted media files can crash vulnerable versions of the application. In the process, hostile code can be injected into vulnerable systems. A classic buffer overflow attack. iTunes users are advised to update to version 4.8, which features improved validation checks, to guard against possible exploitation.

Danish security reporting firm Secunia rates the iTunes bug as "highly critical". Exploitations of both Mac OS and Windows machines running iTunes is possible - providing an attacker tricks a user into opening a malicious MPEG-4 file with a vulnerable version of iTunes. The vulnerability was discovered by Mark Litchfield of NGS Software. ®

Related stories

Apple patches 'highly critical' iTunes bug
Apple mega-patch fixes 19 flaws
Mobile operators fight DRM corner

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.