Skip to main content

Apple iTunes Multiple Vulnerabilities

Last Update Date: 13 Jun 2012 15:07 Release Date: 13 Jun 2012 4927 Views

RISK: High Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities have been identified in Apple iTunes, which can be exploited by malicious people to compromise a user's system.

  1. An error in the handling of .m3u playlists can be exploited to cause a heap-based buffer overflow via a specially crafted M3U (".m3u") file.
  2. A vulnerability is caused due to a bundled vulnerable version of WebKit.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

 

Note: This vulnerability does not affect the application on OS X Lion systems.


Impact

  • Remote Code Execution

System / Technologies affected

  • Apple iTunes versions prior to 10.6.3

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 10.6.3.

Vulnerability Identifier


Source


Related Link