updated 03:45 pm EDT, Thu June 29, 2006
iTunes 6.0.5 released
Apple today released iTunes 6.0.5, adding the ability to sync Nike + iPod workout data to nikeplus.com and fixing a security issue related to AAC file parsing. The AAC file parsing code in iTunes versions prior to 6.0.5 contains an integer overflow vulnerability. Parsing a maliciously-crafted AAC file could cause iTunes to terminate or potentially execute arbitrary code, according to Apple. iTunes 6.0.5 addresses this issue by improving the validation checks used when loading AAC files. Apple gives credit to ATmaCA working with TippingPoint and the Zero Day Initiative for reporting this issue. Apple and Nike in late May announced a partnership to bring sports and music together, launching Nike + iPod products that allow Nike's new running shoes to communicate with Apple's iPod.