Tuesday, July 20, 2010

iTunes buffer overflow vulnerability (Windows only); Apple Releases iTunes 9.2.1

Here's another patch that needs to be installed on any Windows computer running iTunes.
iTunes buffer overflow vulnerability
Apple is reporting a new version of iTunes (9.2.1), which addresses CVE-2010-1777: A buffer overflow exists in the handling of itpc: URLs, which might lead to application termination or arbitrary code execution.

More information at http://support.apple.com/kb/HT4263.

This affects version 9 of iTunes, and only on the Windows platform.
US-CERT Current Activity: Apple Releases iTunes 9.2.1
added July 20, 2010 at 07:54 am

Apple has released iTunes 9.2.1 to address a vulnerability. This vulnerability is due to improper handling of itpc URLs. itpc is the protocol used by Apple iTunes for handling podcasts. By convincing a user to access a specially crafted itpc URL, an attacker may be able to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple article HT4263 and update to iTunes 9.2.1 to help mitigate the risks associated with this vulnerability.
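
An added example (not from Apple, US-CERT or the original post): a PowerShell check an administrator could run on a Windows machine to see whether the installed iTunes is a version 9 release older than 9.2.1. It assumes iTunes registers a standard uninstall entry whose DisplayName is "iTunes"; the function name is hypothetical.

```powershell
# Added example: local inventory check for the iTunes 9.2.1 fix (CVE-2010-1777).
# Assumption: iTunes writes an uninstall entry with DisplayName "iTunes".

function Get-ITunesPatchStatus {
    # Hypothetical helper: classifies a DisplayVersion string against 9.2.1.
    param([string]$DisplayVersion)

    $fixed = [version]'9.2.1'
    $v = $DisplayVersion -as [version]   # $null if the string is not a dotted version

    if ($null -eq $v)   { return 'Unknown: version string not parsable' }
    if ($v -ge $fixed)  { return 'OK: 9.2.1 or later' }
    if ($v.Major -eq 9) { return 'Needs update: version 9 before 9.2.1' }
    return 'Review: older than the version 9 range named in the advisory'
}

# Check both registry views so a 32-bit install on 64-bit Windows is found too.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -eq 'iTunes' }

if (-not $found) {
    # Nothing to patch on this machine.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Version  = $null
        Status   = 'iTunes not installed'
    }
}
else {
    $found | ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Version  = $_.DisplayVersion
            Status   = Get-ITunesPatchStatus -DisplayVersion $_.DisplayVersion
        }
    }
}
```

The script emits objects, so its output can be piped to `Export-Csv` or collected from several machines for a patch report.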
