Apple slips security fixes into rollout

By

Apple has added several security fixes into the latest versions of iTunes and Quicktime.


Apple has added several security fixes into the latest versions of iTunes and Quicktime.

The company has issued a pair of postings outlining 9 security fixes in Quicktime 7.5.5 and two fixes in the new iTunes 8.0.

The iTunes update contains a patch for what Apple has termed a "misleading" dialog in the OS X version of the player. The message occurred when users running OS X 10.4 or earlier were presented with a dialogue box which said that enabling iTunes Music Sharing would have no affect on the Mac's firewall protections.

"Allowing iTunes Music Sharing or any other service through the firewall inherently affects security by exposing the service to remote entities," the company explained in the posting.

Also fixed was an issue in the Windows XP and Vista ports of iTunes. The flaw could allow an attacker to use a maliciously-crafted third party driver to crash iTunes and change user privileges.

Eight of the nine fixes for Quicktime address flaws which could be used by an attacker to remotely execute code on a targeted system. Eight of the flaws affected the Windows version of the media player, while five also affected OS X users.

The vulnerabilities included issues in the browser's handling of movie files, PICT files and QTVR movies.

In addition to the Quicktime and iTunes fixes, Apple also issued security fixes within the new version of Bonjour for Windows and the iPod Touch firmware update.

Users can obtain the updates through Apple's Software Update application or by visiting the company's download site.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack

Log In

  |  Forgot your password?