Apple plugs critical iTunes security hole

Apple has shipped a critical iTunes update to fix a security vulnerability that exposes Windows users to malicious hacker attacks.

Apple has shipped a critical iTunes update to fix a security vulnerability that exposes Windows users to malicious hacker attacks.

The latest iTunes 9.2.1 is available for Windows XP, Windows Vista and Windows 7.

From Apple's advisory:

A buffer overflow exists in the handling of "itpc:"URLs. Accessing a maliciously crafted "itpc:" URL may lead to anunexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking.

The patched iTunes 9.2.1 is available from Apple's download website.