Apple Fixes Critical iTunes Bug

May 12th 2005 | Multimedia

Music fans were this week urged to update their iTunes software following the discovery of a serious security bug that creates a means for hackers to take over vulnerable systems.. ..iTunes users are advised to update to version 4.8, which features improved validation checks, to guard against possible exploitation. – The Register

iTunes 4.8: Security enhancements
iTunes 4.8 Download @ Apple
Available for: Mac OS X v10.2.8 or later, Microsoft Windows XP, Microsoft Windows 2000
CVE-ID: CAN-2005-1248
Impact: A buffer overflow in iTunes could cause a denial of service and lead to the execution of arbitrary code.
Description: The MPEG4 file parsing code in iTunes versions prior to 4.8 contains a buffer overflow vulnerability. Parsing a maliciously-crafted MPEG4 file could cause iTunes to terminate or potentially execute arbitrary code. iTunes 4.8 addresses this issue by improving the validation checks used when loading MPEG4 files.

Apple Fixes Critical iTunes Bug
Published in: Multimedia on 2005-05-12