Alert: Apple iTunes
Apple Releases iTunes 8.2 and QuickTime 7.6.2
Apple has released iTunes 8.2 and QuickTime 7.6.2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users to review Apple articles HT3592 and HT3591 and apply any necessary updates to help mitigate the risks.
Available for: Mac OS X v10.4.10 or later, Mac OS X Server v10.4.10 or later, Windows Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A stack buffer overflow exists in iTunes when parsing “itms:” URLs. Accessing a maliciously crafted “itms:” URL may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Will Drewry for reporting this issue.