iTunes and QuickTime Walk Together On Vulnerability Lane

december 2008

s	m	t	w	t	f	s
30	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31	1	2	3
4	5	6	7	8	9	10

Published on Security | September 19, 2008, 12:33

Apple fans should be careful nowadays, as two company-developed software have been discovered to features an unpatched vulnerability.

The new flaw affects both Apple's QuickTime 7.5.5 and iTunes 8.0 software and can be used to crash browser applications.

In addition, the vulnerability could offer hackers a door through which they'd be able to inject hostile code onto vulnerable systems. Researchers have yet to be 100% sure of this scenario and they currently rate it as “possible”.

In order to successfully exploit the new flaw, the surfer must be tricked ito open a maliciously constructed QuickTime tag contained on a web page or embedded in an MP3 and video clip file.

Apple has yet to offer any information on how soon it will release a patch. According security clearing house US CERT, the flaw affecting iTunes and QuickTime is a high risk bug.