Apple has added several security fixes into the latest versions of iTunes and Quicktime.
The company has issued a pair of postings outlining 9 security fixes in Quicktime 7.5.5 and two fixes in the new iTunes 8.0.
The iTunes update contains a patch for what Apple has termed a "misleading" dialog in the OS X version of the player. The message occurred when users running OS X 10.4 or earlier were presented with a dialogue box which said that enabling iTunes Music Sharing would have no affect on the Mac's firewall protections.
"Allowing iTunes Music Sharing or any other service through the firewall inherently affects security by exposing the service to remote entities," the company explained in the posting.
Also fixed was an issue in the Windows XP and Vista ports of iTunes. The flaw could allow an attacker to use a maliciously-crafted third party driver to crash iTunes and change user privileges.
Eight of the nine fixes for Quicktime address flaws which could be used by an attacker to remotely execute code on a targeted system. Eight of the flaws affected the Windows version of the media player, while five also affected OS X users.
The vulnerabilities included issues in the browser's handling of movie files, PICT files and QTVR movies.
In addition to the Quicktime and iTunes fixes, Apple also issued security fixes within the new version of Bonjour for Windows and the iPod Touch firmware update.
Users can obtain the updates through Apple's Software Update application or by visiting the company's download site.
Apple slips security fixes into rollout
By Shaun Nichols on Sep 10, 2008 8:15AM