Feeds

Apple patches critical iTunes bug

Buffer overflow risk neutered

New hybrid storage solutions

In all the hoopla surrounding Apple's announcement of its revamped line of iPods on Wednesday, many users might have missed the company's update to iTunes, which includes a fix for a serious security flaw.

The update, which brings the consumer technology company's iTunes music software to version 7.4, adds the ability to turn previously bought music into ringtones and the ability to buy songs wirelessly using the iPhone and network-capable iPods. The update also patches a serious security vulnerability that could allow a specially-crafted music file to crash or take control of a victim's Windows PC or Mac, the company stated in an advisory.

"A buffer overflow exists in iTunes when processing album cover art," the company stated. "By enticing a user to open a maliciously crafted music file, an attacker may trigger the overflow which may lead to an unexpected application termination or arbitrary code execution."

Apple has patched more than 100 vulnerabilities in its Mac OS X operating system and applications this year. Many security researchers and hackers have begun to focus on the consumer technology company's latest mobile device, the iPhone, which received it first patch in July.

Apple credited iSEC Partners with the discovery of the vulnerability.

A nod to ZDNet's Zero Day blog.

This article originally appeared in Security Focus.

Copyright © 2007, SecurityFocus

Secure remote control for conventional and virtual desktops

More from The Register

next story
Leak of '5 MEELLLION Gmail passwords' creates security flap
You should be OK if you're not using ANCIENT password
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Enigmail PGP plugin forgets to encrypt mail sent as blind copies
User now 'waiting for the bad guys come and get me with their water-boards'
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.