The update also addresses a serious security vulnerability however, that could lead to a specially crafted music file crashing or giving an attacker control over a victims PC or Mac. "A buffer overflow exists in iTunes when processing album cover art," the company stated. "By enticing a user to open a maliciously crafted music file, an attacker may trigger the overflow which may lead to an unexpected application termination or arbitrary code execution."
Apple has issued more than 100 patches for ts Mac OS X operating system and applications this year and the iPhone received its first security patch in July. Apple credited iSEC Partners with the discovery of the latest iTunes vulnerability.
Source:
The Register
Written by: James Delahunty @ 7 Sep 2007 7:18