Music fans were this week urged to update their iTunes software following the discovery of a serious security bug that creates a means for hackers to take over vulnerable systems. ... iTunes users are advised to update to version 4.8, which features improved validation checks, to guard against possible exploitation. – The Register
iTunes 4.8: Security enhancements
iTunes 4.8 Download @ Apple
Available for: Mac OS X v10.2.8 or later, Microsoft Windows XP, Microsoft Windows 2000
CVE-ID: CAN-2005-1248
Impact: A buffer overflow in iTunes could cause a denial of service and lead to the execution of arbitrary code.
Description: The MPEG4 file parsing code in iTunes versions prior to 4.8 contains a buffer overflow vulnerability. Parsing a maliciously-crafted MPEG4 file could cause iTunes to terminate or potentially execute arbitrary code. iTunes 4.8 addresses this issue by improving the validation checks used when loading MPEG4 files.
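The kind of validation check the description refers to, as an added example that is not Apple's code. The advisory does not say which field was mishandled, so this assumes only the general MPEG-4 box layout (32-bit big-endian size followed by a four-character type) and checks every declared size against the bytes actually present before copying; the function name and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static uint32_t be32(const uint8_t *p) {      /* big-endian 32-bit read */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Find the first top-level box of the given type in buf[0..len) and copy its
 * payload into dst. Returns the payload length, -1 if the file is malformed
 * or the payload does not fit in dst, -2 if no such box exists. */
long mp4_read_box(const uint8_t *buf, size_t len, const char type[4],
                  uint8_t *dst, size_t dst_cap) {
    size_t off = 0;
    while (off < len) {
        size_t remaining = len - off, hdr = 8;
        if (remaining < hdr) return -1;             /* truncated header */
        uint64_t size = be32(buf + off);
        if (size == 1) {                            /* 64-bit size follows type */
            hdr = 16;
            if (remaining < hdr) return -1;
            size = ((uint64_t)be32(buf + off + 8) << 32) | be32(buf + off + 12);
        } else if (size == 0) {
            size = remaining;                       /* box runs to end of data */
        }
        if (size < hdr || size > remaining) return -1;  /* declared size lies */
        if (memcmp(buf + off + 4, type, 4) == 0) {
            size_t payload = (size_t)size - hdr;
            if (payload > dst_cap) return -1;       /* would overflow dst */
            memcpy(dst, buf + off + hdr, payload);
            return (long)payload;
        }
        off += (size_t)size;
    }
    return -2;
}

/* Constructed samples: a well-formed file, and one whose second box declares
 * 0x1000 bytes although only 12 are present. */
const uint8_t GOOD[] = {0,0,0,12,'f','t','y','p','M','4','A',' ',
                        0,0,0,12,'f','r','e','e','s','o','n','g'};
const uint8_t BAD[]  = {0,0,0,12,'f','t','y','p','M','4','A',' ',
                        0,0,0x10,0,'f','r','e','e','s','o','n','g'};
```

A parser that trusts the declared size in `BAD` would read or copy far past the end of the file data; here both the size-versus-remaining check and the destination-capacity check must pass before `memcpy` runs.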
