Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Apple iTunes Version 9.2.1 Patches Critical Vulnerability

Apple has issued new iTunes 9.2.1 update. The update takes care of a critical security flaw with which attackers can execute arbitrary code. The vulnerability apparently affects Windows and Mac computers running iTunes and an attacker can exploit it through a maliciously-created 'itpc:' link for hijacking an end-user's computer.

Secunia, the Danish vulnerability intelligence firm, the vulnerability (CVE-2010-1777) is a result of a boundary fault caused from the manner in which iTunes uses specific 'itpc:' links, as reported by SoftPedia on July 20, 2010.

During an attack, the attacker creates a special URL and deceives users so that they access it. If he manages to exploit the vulnerability successfully, then a situation of 'heap overflow' results that makes the computer susceptible to attack.

Apple states in a support document posted on its website that visiting a maliciously-created 'itpc:' URL may result in random code execution or sudden termination of application. Apple has set right the flaw via enhanced bounds checking, as reported by Apple on July 19, 2010.

According to the security researchers, the above kind of flaws disturbing URL handling methods prove extremely risky as not much technical skill is required to exploit them.

They further state that given the massive user-base of iTunes following the widespread acceptance of iPads, iPhones and iPods, the security flaw creates an opportunity for bulk assaults.

Amidst the myriad problems solved, there are updates that take care of minor problems in items dragged-and-dropped in iTunes; the implementation factor following synchronization with certain devices unlike before using iTunes 9.2; a problem related to upgradation to iOS 4 on iPod and iPhone touches encoded backups; as well as the necessary progresses for performance and stability.

However, the most vital problem solved with the upgraded iTune 9.2.1 is that the version deactivates earlier versions of certain unsuited third party plug-ins.

A same type of vulnerability within Windows XP processes hcp: (Help and Support Center) URLs, a 0-day flaw, was revealed in the beginning of June 2010. Both targeted and drive-by-download attacks successfully exploited that flaw.

Related article: Apple Patches QuickTime 13 Month Old Flaw

ยป SPAMfighter News - 7/31/2010

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page