Apple fixes critical iTunes code bug
by Nikola Strahija on May 12th, 2005

A bug in code used by iTunes 4.X to parse MPEG-4 files was discovered last week. It allows maliciously crafted media files to crash vulnerable versions of the application.
In the process, hostile code can be injected into vulnerable systems. iTunes users are advised to update to version 4.8, which features improved validation checks, to guard against possible exploitation.
Danish security reporting firm Secunia rates the iTunes bug as "highly critical". Exploitation of both Mac OS and Windows machines running iTunes is possible, provided an attacker tricks a user into opening a malicious MPEG-4 file with a vulnerable version of iTunes.