Homepage tabWindows tabGames tabDrivers tabMac tabLinux tabScripts buttonMobile tabHandheld tabGadgets tabNews tab


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home / News / Apple

Apple

iTunes 8, QuickTime 7.5.5, iPod Touch 2.1 Security-Fixes

Apple has also addressed a great deal of vulnerabilities with its recently-released updates

By Filip Truta, Apple News Editor

10th of September 2008, 20:31 GMT

Adjust text size:


Installer package icon
Enlarge picture
Included in the slew of software updates released by Apple (just as soon as Steve Jobs ended his keynote address in San Francisco) are also some patches addressing security issues in the company's iTunes and QuickTime Mac apps, but also in the iPod touch OS. Read on to learn about some of the vulnerabilities each update addresses.

It has been revealed that iTunes 8.0 not only
brings hefty new features, but also resolves some security issues, particularly a vulnerability that results in an erroneous Firewall warning dialogue. Windows users of Apple's media player app received a fix addressing issues with system privileges.

QuickTime 7.5.5 lists some 9 security issues for both Mac and Windows users. Two of the vulnerabilities discovered on the Mac side say that viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution, and that opening a maliciously crafted PICT image may lead to an unexpected application termination. Their official descriptions (from Apple's Support page) are available below.

Description: A heap buffer overflow exists in QuickTime's handling of panorama atoms in QTVR (QuickTime Virtual Reality) movie files. Viewing a maliciously crafted QTVR file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking of panorama atoms. Credit to Roee Hay of IBM Rational Application Security Research Group for reporting this issue.

Description: An out-of-bounds read issue exists in QuickTime's handling of PICT images. Opening a maliciously crafted PICT image may lead to an unexpected application termination. This update addresses the issue by performing additional validation of PICT images. Credit to Sergio 'shadown' Alvarez of n.runs AG for reporting this issue.

Lastly, iPod touch users have been granted the 2.1 update ahead of iPhone owners worldwide, who will receive it on Friday. Where the iPod touch is concerned, Apple has introduced a few fixes related to CoreGraphics, mDNSResponder, networking, WebKit, and the Application Sandbox environment. Session highjacking, arbitrary code execution, DNS cache poisoning, and improper handling of files are the main issues that could occur with iPod touch units.

All three updates are available as of today. While Mac owners can grab the iTunes 8 and QuickTime 7.5.5 updates for free, iPod touch users will need to pay $9.95 for their respective update.

Thumbnail image credits: contractsecurity

TAGS:

 iTunes 8 | iTunes 8.0 | QuickTime 7.5.5 | Security | iPod touch 2.1
Read by 4,779 user(s) | Add comment | Link to this article TWEET THIS


Article rating:
Good (3.5/5) 2 vote(s)    

Subscribe to news | Print article | Send to friend

© Copyright 2001-2009 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Apple Admits It Didn't Invent the iPod

QuickTime 7.5.5, Front Row 2.1.6 Released – Download Here

iPhone Software 2.1 Confirmed by Apple

Apple Narrows Down Mac OS X 10.5.5 Testing Focus

Apple Reveals the Genius in iTunes 8

NBC Universal Returns to the iTunes Store... in HD

Coverage – 'Let's Rock' Apple Event

User opinions:


Comment #1 by: bob on 06 Oct 2009, 16:25 GMT reply to this comment

the fee is rtarded.it should not exsist.on the brihtside,you can download it and install it mnually...ahahahahahahahaha.maniacle laghture.so not cool.

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 




Windows tabGames tabDrivers tabMac tabLinux tabScripts tabMobile tabHandheld tabGadgets tabNews tab

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2009 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive