Before you rush out to snag one of those new iPods or cheaper iPhones, update your iTunes, because its got a buffer overflow that could let some nasty music file “pwn” your toy.
Apple on Sept. 6 put out an update, iTunes 7.4, that deals with the buffer overflow, which occurs when processing album cover art.
An attacker can get to you by luring you into opening a maliciously crafted music file. The resulting overflow could lead to an application crashing or could be as bad as arbitrary code execution.
The update fixes the problem with proper bounds checking. Its available for Mac OS X v10.3.9, Mac OS X v10.4.7 or later, and Windows XP and Vista.
iTunes 7.4 is available here.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.