Apple iTunes Hit With a New Critical Flaw

Jameson writes "Apple has released a new iTunes version to correct a security vulnerability reported by Mark Litchfield. FrSIRT and Secunia marked the flaw as "critical", because it can be exploited by malicious people to compromise a user's system via maliciously-crafted MPEG4 file. iTunes 4.8 addresses this issue by improving the validation checks used when loading MPEG4 files."

Not amazingly new

[caerwyn]

A security vulnerability for older versions of iTunes isn't exactly iTunes being hit with a critical vulnerability. It's already fixed- in the well-publicized update yesterday.

Re:So patched before public disclosure

[pizero]

The security information can be found here.

All Apple Security updates can be found here.

You can sign up for email notification (with PGP) here.

All that said, I've never seen it take so long for an update like this to show up in software update. If this is a new policy (I can see marketing saying, "make them go to the website so we can show off new features"), I going to be unhappy.