Beware of Strange iTunes, QuickTime Movies

A heap overflow vulnerability in Apple Computer Inc.'s iTunes and QuickTime media players could put millions of PC and Mac users at risk of malicious hacker attacks, security experts warned Wednesday. In an advisory posted on, researcher Tom Ferris warned that attackers can rig QuickTime movie files to trigger a denial-of-service crash that may lead to malicious code execution.

In an interview with eWEEK, Ferris said he flagged the issue to Apple more than a month ago but only received a cursory confirmation that the bug was being investigated. As per policy, Apple does not comment on security issues until a patch is available.

Linked by shanmuga Wednesday, 21st December 2005 9:28PM