Apple slips security fixes into rollout

By on

Apple has added several security fixes into the latest versions of iTunes and Quicktime.

Apple has added several security fixes into the latest versions of iTunes and Quicktime.

The company has issued a pair of postings outlining 9 security fixes in Quicktime 7.5.5 and two fixes in the new iTunes 8.0.

The iTunes update contains a patch for what Apple has termed a "misleading" dialog in the OS X version of the player. The message occurred when users running OS X 10.4 or earlier were presented with a dialogue box which said that enabling iTunes Music Sharing would have no affect on the Mac's firewall protections.

"Allowing iTunes Music Sharing or any other service through the firewall inherently affects security by exposing the service to remote entities," the company explained in the posting.

Also fixed was an issue in the Windows XP and Vista ports of iTunes. The flaw could allow an attacker to use a maliciously-crafted third party driver to crash iTunes and change user privileges.

Eight of the nine fixes for Quicktime address flaws which could be used by an attacker to remotely execute code on a targeted system. Eight of the flaws affected the Windows version of the media player, while five also affected OS X users.

The vulnerabilities included issues in the browser's handling of movie files, PICT files and QTVR movies.

In addition to the Quicktime and iTunes fixes, Apple also issued security fixes within the new version of Bonjour for Windows and the iPod Touch firmware update.

Users can obtain the updates through Apple's Software Update application or by visiting the company's download site.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
applefixesintorolloutsecurityslips

Sponsored Whitepapers

Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection
Don’t pay the ransom: A three-step guide to ransomware protection

Events

Most Read Articles

Kmart Australia stands up consent-as-a-service platform

Kmart Australia stands up consent-as-a-service platform
Telstra to open its 5G network to wholesale customers

Telstra to open its 5G network to wholesale customers
Active Directory defaults lead to no-fix PrivEsc vulnerability

Active Directory defaults lead to no-fix PrivEsc vulnerability
Westpac promotes its head of technology to mortgage role

Westpac promotes its head of technology to mortgage role

Digital Nation

Case Study: PlayHQ leverages graph technologies for sports administration
Case Study: PlayHQ leverages graph technologies for sports administration
Metaverse hype will transition into new business models by mid decade: Gartner
Metaverse hype will transition into new business models by mid decade: Gartner
As NFTs gain traction, businesses start taking early bets
As NFTs gain traction, businesses start taking early bets
The other ‘CTO’: The emerging role of the chief transformation officer
The other ‘CTO’: The emerging role of the chief transformation officer
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre

Log In

  |  Forgot your password?