Apple has added several security fixes into the latest versions of iTunes and Quicktime.
The company has issued a pair of postings outlining 9 security fixes in Quicktime 7.5.5 and two fixes in the new iTunes 8.0.
The iTunes update contains a patch for what Apple has termed a "misleading" dialog in the OS X version of the player. The message occurred when users running OS X 10.4 or earlier were presented with a dialogue box which said that enabling iTunes Music Sharing would have no affect on the Mac's firewall protections.
"Allowing iTunes Music Sharing or any other service through the firewall inherently affects security by exposing the service to remote entities," the company explained in the posting.
Also fixed was an issue in the Windows XP and Vista ports of iTunes. The flaw could allow an attacker to use a maliciously-crafted third party driver to crash iTunes and change user privileges.
Eight of the nine fixes for Quicktime address flaws which could be used by an attacker to remotely execute code on a targeted system. Eight of the flaws affected the Windows version of the media player, while five also affected OS X users.
The vulnerabilities included issues in the browser's handling of movie files, PICT files and QTVR movies.
In addition to the Quicktime and iTunes fixes, Apple also issued security fixes within the new version of Bonjour for Windows and the iPod Touch firmware update.
Users can obtain the updates through Apple's Software Update application or by visiting the company's download site.
Apple slips security fixes into rollout
By
Shaun Nichols
on
Sep 10, 2008 8:15AM
Apple has added several security fixes into the latest versions of iTunes and Quicktime.
Got a news tip for our journalists? Share it with us anonymously here.
Sponsored Whitepapers
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future

Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection