
eEye Digital Security researchers have discovered two new vulnerabilities in iTunes and QuickTime. The specifics have not been detailed to prevent abuse before the issues can be addressed, but they are related to heap and integer overflows.
These vulnerabilities have been labeled as being high-risk, and are said to put millions of Windows and Mac users at risk of code execution attacks. According to eEye, the vulnerabilities are present in both QuickTime and iTunes on Windows NT, Windows 2000, Windows XP and Windows Server 2003 as well as Mac OS X.
As usual, Apple does not comment on potential security vulnerabilities until they have been investigated and fixed. eEye has released only the most basic information, so there are no practical steps that can be taken to avoid being exposed, but in the meantime the experts warn users to stay away from untrusted media files.
So far, with details being so sketchy, it is hard to say exactly how much of a threat these 'high risk' vulnerabilities present, but, at least on OS X, if they are anything like the recent 'serious' and 'extremely serious' vulnerabilities, users can go back to sleep because it is just the sky falling again.