updated 11:45 am EDT, Thu September 6, 2007
iTunes 7.4 plugs hole
Apple today released a security update for iTunes 7.4, plugging a hole that could allow attackers to run their own programs or crash iTunes. Exploitation requires an unsuspecting iTunes user to open a maliciously crafted music file, after which an attacker could cause a crash or run custom software that puts the at-risk Mac in further danger. The update addresses the vulnerability by performing proper bounds checking to prevent a buffer overflow in iTunes when processing album cover art. Apple recommends the update for all users of Mac OS X 10.3.9 or Mac OS X 10.4.7 or later.