Vulnerabilities patched in iTunes, QuickTime, more
updated 07:20 pm EDT, Tue September 9, 2008
Apple app issues patched
Supplemental to the plethora of Apple software releases on Tuesday, Apple noted that iTunes 8.0, QuickTime 7.5.5, Bonjour for Windows 1.0.5, and the iPod touch 2.1 OS updates offer various security fixes as well. iTunes 8.0 resolves a vulnerability on the Mac side that results in an erroneous Firewall warning dialogue, while the Windows side saw a fix pertaining to system privileges. iTunes 8.0 is available for download from Apple's website.
QuickTime 7.5.5 saw the majority of fixes, with nine issues catalogued, split between the Mac and PC software. The majority of issues relate to maliciously crafted QTVR or movie files that could lead to arbitrary code execution, or similar. PICT-formatted image files could also be used to exploit the vulnerability, a problem that was also patched.
Bonjour for Windows 1.0.5 resolved problems with maliciously crafted ".local" domain names, as well as an issue that allowed users to spoof DNS information. The second vulnerability was preemptively resolved, since Apple claims that there are no known applications capable of making use of the issue.
iPod touch 2.1 introduces a few fixes related to CoreGraphics, mDNSResponder, networking, WebKit, and the Application Sandbox environment. Most problems related to session hijacking, arbitrary code execution, DNS cache poisoning, and improper handling of files.


