Apple Fixes iTunes Security Flaw

Jan 12, 2005

Along with introducing a slew of new hardware and software on Tuesday, Apple Computer Inc. also quietly released an update for iTunes that fixes a serious security vulnerability found in both Windows and Mac OS X versions of the media player.

The update, iTunes 4.7.1, patches a bug in the way iTunes handles the common .m3u and .pls playlist files. A buffer overflow that occurs when a user attempts to play one of these files—often exchanged over the Internet as a way of organizing music tracks—can crash the player and execute malicious code on a user's system, company officials said.

The vulnerability, which merited a “highly critical” rating from independent security research firm Secunia, affects Windows XP, Windows 2000 and Mac OS X systems. Apple security information and updates can be found on Apple's Web site.

Besides the security fix, iTunes 4.7.1 also adds shuffle and photo features for the iPod, as well as performance improvements.


iTunes is Apple's desktop interface for its industry-leading iPod music player, and is widely used on both Windows and Mac systems. The program is also the only way for users to interact with the popular iTunes Music Store.

Media players have recently become a key focus for security researchers and attackers alike. For example, researchers recently discovered two Trojans making the rounds on peer-to-peer networks disguised as Windows Media Video files and infecting users via Windows Media Player's new anti-piracy features.

The player appears to be downloading a license for a DRM-protected file, but in fact it downloads more than a dozen spyware and adware applications onto the user's PC, making thousands of registry changes, according to Panda Software.
