Overflow vuln found in iTunes and QuickTime

Posted on 13 Mar 2006 at 12:38

Apple has announced a vulnerability affecting iTunes and QuickTime that could lead to code being run on the system.

The integer overflow and heap-based buffer overflow vulnerability affects both the Mac OS X and Windows versions of QuickTime Player 7.0.3 and 7.0.4 and iTunesj 6.0.1 and 6.0.2.

An attacker who successfully exploited the flaw would be able to run code in the context of the logged in user. Most Windows users have admin accounts for day to day use with much greater privileges than Mac users, whose user accounts have limited rights and permissions.

Security company eEye Digital describes the flaw as high in terms of severity.

Apple has yet to issue any patches for the affected software, but will have around two months to issue a suitable fix before it comes under pressure, as the flaw is only at the initial report stage of the process.

Author: Matt Whipp

Get more reviews, tutorials and in-depth advice, every month with Computer Shopper.
Click here to try 3 issues for £1

< Previous News : General Next >

Be the first to comment on this article

You need to Login or Register to comment.