June 18, 2012

iTunes vulnerability may enable remote code execution

Researchers have unveiled a flaw in iTunes that could allow cyber criminals to execute remote code on target machines. Gjoko Krstic, a researcher at Zero Science Lab, a Macedonian information security company, announced in a blog post that the heap buffer overflow vulnerability is caused by a boundary error that occurs while playlist files are processed. Attackers who exploit the weakness to bait victims can do so through downloaded malicious data veiled as music. The defect, which affects versions 10.6.1 and 10.6.0 of iTunes, was patched last week in version 10.6.3 of the music player.

Related Articles
Related Topics
Related Links

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.