Apple released three updates for its products on Tuesday, closing at least 18 security holes in its QuickTime player, iTunes multimedia software, and iPod Touch firmware.
The fixes for its iTunes multimedia software appeared to be the most minor, fixing two vulnerabilities, including a misleading dialog box and a flaw that could allow an attacker to gain elevated privileges on the user's computer, according to the company's advisory. The update for the iPod Touch, upgrading it to version 2.1 of the firmware, fixes seven security holes, including improper sandboxing between applications and vulnerabilities in its handling of FreeType fonts.
The most serious flaws for Windows and Mac users appear to be those that affect Apple's QuickTime software. All nine security vulnerabilities affect QuickTime for Windows, while only five of the flaws affect QuickTime for Mac OS X. All the vulnerabilities occur in the code that handled various types of media and allow an attacker to create a specially-crafted movie or pictures to compromise the target's system.
In July, Apple upgraded its iPhone and iPod Touch firmware to version 2.0, fixing at least thirteen security holes. At the beginning of August, the firm closed 17 security holes in its Mac OS X operating system, including fixing the avenue of attack used by security researcher Dan Kaminsky's attack on name server caches.
Users of Microsoft Windows can get the update through Apple's Update software, which checks for new software periodically. Mac OS X users should also get prompted to download and install the software, or can select "Software Update..." from the Apple menu.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos