, The Register 2005-01-14
Apple updated its iTunes software this week following the discovery of a security bug that leaves open a way to compromise vulnerable systems.
A bug in code used by iTunes to parse .m3u and .pls playlists means a maliciously-crafted playlist (with long URL file entries) can crash vulnerable versions of the application. In the process, hostile code can be injected into vulnerable systems. This is a classic buffer overflow attack.iTunes users are advised to update to version 4.7.1 to guard against the risk of attack. Hymn users, beware: the upgrade breaks this anti-DRM utility.
Security reporting firm Secunia rates the iTunes bug as "highly critical". Exploitations of both Mac OS and Windows machines running iTunes is possible - providing an attacker tricks a user opening a malicious playlist file with a vulnerable version of iTunes.
The vuln was discovered by Sean de Regge and is explained here. ®