News

[PSUs]

Monday 13th March 2006

Overflow vuln found in iTunes and QuickTime 12:38PM, Monday 13th March 2006

Apple has announced a vulnerability affecting iTunes and QuickTime that could lead to code being run on the system.

The integer overflow and heap-based buffer overflow vulnerability affects both the Mac OS X and Windows versions of QuickTime Player 7.0.3 and 7.0.4 and iTunesj 6.0.1 and 6.0.2.

An attacker who successfully exploited the flaw would be able to run code in the context of the logged in user. Most Windows users have admin accounts for day to day use with much greater privileges than Mac users, whose user accounts have limited rights and permissions.

Security company eEye Digital describes the flaw as high in terms of severity.

Apple has yet to issue any patches for the affected software, but will have around two months to issue a suitable fix before it comes under pressure, as the flaw is only at the initial report stage of the process.

Matt Whipp

Submit to: Digg | Slashdot | Del.icio.us | Technorati

Columns

Under Development: Shock of the new

David Robinson attempts to teach some old dogs a new trick or two as he tries to drag one of his customers - and the Inland Revenue - into the 21st century. › See full Opinion

› See more Columns

Privacy Statement | Privacy Policy | Company Website | Contact Us | Media Information

NEWS

PRODUCT REVIEWS

ANALYSIS

INTERACTIVE

JOBS

SHOPPING

DOWNLOADS

FOCUS ON...

USEFUL INFO

MAGAZINE

FREE NEWSLETTER

News

Latest News

Columns

Under Development: Shock of the new