The Register® — Biting the hand that feeds IT

Apple fixes critical iTunes bug

MPEG-4 peril alert

Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server

Music fans were this week urged to update their iTunes software following the discovery of a serious security bug that creates a means for hackers to take over vulnerable systems.

A bug in code used by iTunes 4.X to parse MPEG-4 files means that maliciously-crafted media files can crash vulnerable versions of the application. In the process, hostile code can be injected into vulnerable systems. A classic buffer overflow attack. iTunes users are advised to update to version 4.8, which features improved validation checks, to guard against possible exploitation.

Danish security reporting firm Secunia rates the iTunes bug as "highly critical". Exploitations of both Mac OS and Windows machines running iTunes is possible - providing an attacker tricks a user into opening a malicious MPEG-4 file with a vulnerable version of iTunes. The vulnerability was discovered by Mark Litchfield of NGS Software. ®

Related stories

Apple patches 'highly critical' iTunes bug
Apple mega-patch fixes 19 flaws
Mobile operators fight DRM corner

Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server

Don’t Miss

HandcuffsFeds: Hospital hacker's 'massive' DDoS averted

Arrest foils 'Devil's Day' scheme

thumbs down teaser 75Buggy 'smart meters' open door to power-grid botnet

Grid-burrowing worm only the beginning

MicrosoftMicrosoft knew of nasty IE bug a year before attacks

Security delayed or security denied?

BlockMaster SafeStickBlockMaster SafeStick hardware-encrypted USB drive

Review Tough enough?