p2pnet news | Security:- Anyone using Apple’s user-funded iPod loader iTunes urgently needs to update it to avoid the chance of allowing malicious hackers to penetrate his or her system.

“A buffer overflow exists in iTunes when processing album cover art,” warns net-security.org, crediting David Thiel for the discovery.

“By enticing a user to open a maliciously crafted music file, an attacker may trigger the overflow which may lead to an unexpected application termination or arbitrary code execution.”

Says the post:

For Mac OS X:
The download file is named: “iTunes7.4.dmg”
Its SHA-1 digest is: 4422396fee3323cceab7d0ae83f47f7bedb21033

For Windows XP / Vista:
The download file is named: “iTunesSetup.exe”
Its SHA-1 digest is: fefe391446a8d8010d0a26e9819e893a76319da6

Information will also be posted to the Apple Product Security web site.

Click here for iTunes 7.4 covering Mac OS X v10.3.9, Mac OS X v10.4.7 or later, Windows XP /Vista

Slashdot it!

Also See:
net-security.org – Apple Security Update – iTunes 7.4 (APPLE-SA-2007-09-06), September 6, 2007

---

Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php

---

Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details. Download here.

This entry was posted on Friday, September 7th, 2007 at 7:19 am and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

HOME

Viewed 6848 times