Apple issued a patch this week to protect against playlists that have been specially crafted to exploit a security hole in iTunes 9.
On Tuesday, the consumer technology company fixed a single flaw in the way that iTunes 9, the latest version of its popular multimedia management software, handles playlists on both the Mac OS X and Windows operating systems. The vulnerability could allow an attacker to create a specially crafted playlist that compromises a victim's computer with malicious software.
"A buffer overflow exists in the handling of .pls files," the company stated in its advisory. "Opening a maliciously crafted .pls file may lead to an unexpected application termination or arbitrary code execution."
The latest version of Apple's iTunes cleans up the presentation of the various content stores and adds the ability to easily share music among several users at one location. The major upgrade followed Apple's latest operating system release, Snow Leopard, which offers few obvious new features to Mac users but increases the efficiency of the operating system.
Cybercriminals have increasingly focused on attacking third-party applications, such as Apple QuickTime and iTunes as well as Adobe Flash and Acrobat Reader, because such applications are patched less frequently than operating systems, leaving them vulnerable.
Apple credited Oogli LLC with reporting the flaw.
Posted by: Robert Lemos