Slashdot Mirror


Apple iTunes Hit With a New Critical Flaw

Jameson writes "Apple has released a new iTunes version to correct a security vulnerability reported by Mark Litchfield. FrSIRT and Secunia marked the flaw as "critical", because it can be exploited by malicious people to compromise a user's system via maliciously-crafted MPEG4 file. iTunes 4.8 addresses this issue by improving the validation checks used when loading MPEG4 files."

1 of 44 comments (clear)

  1. Re:Thanks for the FUD by rudy_wayne · · Score: -1, Troll

    >>"instead, this vulnerability would exist if people got a MP4 (AAC) song off a P2P fileshare where someone exploited the pre-4.8 iTunes."

    Anybody stupid enough to download songs in MP4/AAC format deserves whatever ill may befall them.