Critical iTunes flaw exposes Mac, Windows to hacker attacks

Apple has shipped iTunes 9.0.1 to fix a critical security hole that puts Mac and Windows users at risk of computer takeover attacks.

The vulnerability could be used by hackers to launch code execution attacks via booby-trapped ".pls" files, Apple warned in an advisory.

The skinny:

  • Impact: Opening a maliciously crafted .pls file may lead to an unexpected application termination or arbitrary code execution.
  • Description: A buffer overflow exists in the handling of .pls files. Opening a maliciously crafted .pls file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
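What "improved bounds checking" means for a .pls parser, as an added example that is not Apple's code and does not reproduce the iTunes flaw (the advisory gives no details of the affected code path): every `FileN` index and value length is validated against the fixed-size destination before anything is copied. The struct, limits, error codes and the `pls_parse` name are assumptions made for this illustration.

```c
#include <stddef.h>
#include <string.h>
#define PLS_MAX_ENTRIES 8   /* limits assumed for this example */
#define PLS_MAX_VALUE   64  /* bytes per entry, including the NUL */
enum { PLS_OK = 0, PLS_E_HEADER = -1, PLS_E_INDEX = -2, PLS_E_TOOLONG = -3 };
struct pls {
    size_t count;                               /* highest FileN index seen */
    char file[PLS_MAX_ENTRIES][PLS_MAX_VALUE];  /* fixed-size destinations */
};
/* Constructed sample playlist, not taken from any real file. */
static const char PLS_SAMPLE[] =
    "[playlist]\r\nFile1=http://example.invalid/a.mp3\r\nTitle1=A\r\nNumberOfEntries=1\r\n";

/* Parse len bytes of .pls text (need not be NUL-terminated) into out. */
int pls_parse(const char *buf, size_t len, struct pls *out)
{
    const char *p = buf, *end = buf + len;
    int seen_header = 0;
    memset(out, 0, sizeof *out);
    while (p < end) {
        const char *nl = memchr(p, '\n', (size_t)(end - p));
        const char *le = nl ? nl : end;         /* one past the line's last byte */
        const char *next = nl ? nl + 1 : end;
        if (le > p && le[-1] == '\r') le--;     /* tolerate CRLF */
        if (!seen_header) {
            if (le != p) {                      /* first non-empty line must be the header */
                if (le - p != 10 || memcmp(p, "[playlist]", 10) != 0) return PLS_E_HEADER;
                seen_header = 1;
            }
        } else if (le - p > 4 && memcmp(p, "File", 4) == 0) {
            const char *q = p + 4;
            size_t idx = 0, vlen;
            while (q < le && *q >= '0' && *q <= '9') {
                idx = idx * 10 + (size_t)(*q++ - '0');
                if (idx > PLS_MAX_ENTRIES) return PLS_E_INDEX;  /* also bounds idx itself */
            }
            if (q > p + 4 && q < le && *q == '=') {             /* well-formed "FileN=" */
                if (idx == 0) return PLS_E_INDEX;
                vlen = (size_t)(le - (q + 1));
                if (vlen >= PLS_MAX_VALUE) return PLS_E_TOOLONG; /* reject, never truncate */
                memcpy(out->file[idx - 1], q + 1, vlen);
                out->file[idx - 1][vlen] = '\0';
                if (idx > out->count) out->count = idx;
            }
        }
        p = next;
    }
    return seen_header ? PLS_OK : PLS_E_HEADER;
}
```

Rejecting an overlong value outright, rather than truncating it, keeps the parser from silently acting on a different URL than the file contained.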

The update is available for Mac OS X v10.4.11 or later, Mac OS X Server v10.4.11 or later, Windows XP, Vista and Windows 7.