Apple iTunes Hit With a New Critical Flaw
Jameson writes "Apple has released a new iTunes version to correct a security vulnerability reported by Mark Litchfield. FrSIRT and Secunia marked the flaw as 'critical', because it can be exploited by malicious people to compromise a user's system via a maliciously crafted MPEG4 file.
iTunes 4.8 addresses this issue by improving the validation checks used when loading MPEG4 files."
>>"instead, this vulnerability would exist if people got an MP4 (AAC) song off a P2P fileshare where someone exploited the pre-4.8 iTunes."
Anybody stupid enough to download songs in MP4/AAC format deserves whatever ill may befall them.