Apple fixes critical iTunes bug | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

Gartner Report: How IT Management Can "Green" the Data Center
Establishing energy efficiency
The Perfect (Virtual) Marriage
Deduplication and VMware
Enabling the Data Center Metamorphosis
From Fixed To Fluid
Server Consolidation and Containment
With Virtual Infrastructure
Solution Brief: Reduce Energy Costs
With Green IT Solutions
Making Green IT a Reality
Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers

The Register » Security »

Apple fixes critical iTunes bug

MPEG-4 peril alert

By John Leyden → More by this author

Published Thursday 12th May 2005 12:10 GMT

How IT Management Can "Green" the Data Center - Free Download

Music fans were this week urged to update their iTunes software following the discovery of a serious security bug that creates a means for hackers to take over vulnerable systems.

A bug in code used by iTunes 4.X to parse MPEG-4 files means that maliciously-crafted media files can crash vulnerable versions of the application. In the process, hostile code can be injected into vulnerable systems. A classic buffer overflow attack. iTunes users are advised to update to version 4.8, which features improved validation checks, to guard against possible exploitation.

Danish security reporting firm Secunia rates the iTunes bug as "highly critical". Exploitations of both Mac OS and Windows machines running iTunes is possible - providing an attacker tricks a user into opening a malicious MPEG-4 file with a vulnerable version of iTunes. The vulnerability was discovered by Mark Litchfield of NGS Software. ®

Related stories

Apple patches 'highly critical' iTunes bug
Apple mega-patch fixes 19 flaws
Mobile operators fight DRM corner

Free Analyst Paper: Overcoming Energy Demands on US Data Centers

Track this type of story as a custom Atom/RSS feed or by email.

Post to Slashdot

Add to del.icio.us

Previous Article

From small embedded OS to the world's most used open mobile OS

whitepaper title

Server Consolidation and Containment

This paper discusses how consolidation and containment solutions with a virtual infrastructure meet the challenges of server sprawl and underutilization..

whitepaper title

Making Green IT a Reality

Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers.

Whitepapers	Jobs
An Improved Architecture for High-Efficiency, High-Density Data Centers [WP126] Ten Errors to Avoid When Commissioning a Data Center [WP149] Java and J2EE performance How To Tackle Enterprise Spyware	Perl Programmer with supporing Java Development Perl/Unix Developer Internal Systems Developer 2 perl scripts for online retail business small job PERL Programmer for Print/Mail outsource provider

How IT Management Can "Green" the Data Center

A Gartner Report

Download for free NOW

Top 20 stories • All The Week’s Headlines • Archive • Search