Apple patches up iTunes playlist flaw
Published: 2009-09-23

Apple issued a patch this week to protect against playlists that have been specially crafted to exploit a security hole in iTunes 9.

On Tuesday, the consumer technology company fixed a single flaw in the way that iTunes 9, the latest version of its popular multimedia management software, handles playlists on both the Mac OS X and Windows operating systems. The vulnerability could allow an attacker to create a specially crafted playlist that compromises a victim's computer with malicious software.

"A buffer overflow exists in the handling of .pls files," the company stated in its advisory. "Opening a maliciously crafted .pls file may lead to an unexpected application termination or arbitrary code execution."

The latest version of Apple's iTunes cleans up the presentation of the various content stores and adds the ability to easily share music among several users at one location. The major upgrade followed Apple's latest operating system release, Snow Leopard, which offers few obvious new features to Mac users but increases the efficiency of the operating system.

Cybercriminals have increasingly focused on attacking third-party applications, such as Apple QuickTime and iTunes as well as Adobe Flash and Acrobat Reader, because such applications are patched less frequently than operating systems, leaving them vulnerable.

Apple credited Oogli LLC with reporting the flaw.

If you have tips or insights on this topic, please contact SecurityFocus.

Posted by: Robert Lemos
Copyright 2009, SecurityFocus