Another iTunes and QuickTime flaw?

Filed under: — By Aviran Mordo @ 4:34 pm

A serious security vulnerability exists in Apple Computer’s iTunes and QuickTime software, bug hunter Tom Ferris reported on his Security-Protocols.com Web site Friday.

“The vulnerability allows an attacker to reliably overwrite heap memory with arbitrary data in order to execute arbitrary code on a targeted host,” Ferris wrote.

An attacker could commandeer a computer running Windows or Mac OS X by tricking a user into opening a malicious media file, Ferris said in an interview. The problem was reported to Apple on Friday, he said.

To limit risk to users of the vulnerable software, Ferris won’t disclose further details of the flaw until Apple provides a fix, he said. “Once they release the patch, I will release a full blown advisory,” he said.

Source: News.com


Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress