Apple iTunes Protocol Handler Buffer Overflow Vulnerability

Report ID: SA200902512
Source: Secunia
Date of Discovery: 02.06.2009
Criticality: Urgent
Affects:
iTunes 8.x

Compromise From: From remote
Compromise Type: System access

Summary

A vulnerability has been reported in Apple iTunes, which can be exploited by malicious people to compromise a user's system.

Detailed Description

The vulnerability is caused by a boundary error in various URI handlers, including "itms", "itmss", "daap", "pcast", and "itpc", and can be exploited to cause a stack-based buffer overflow.

Successful exploitation allows execution of arbitrary code.
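
The advisory does not publish the affected code. As an added illustration of this bug class (not Apple's code and not part of the original advisory), the C example below shows the length check a URI handler needs before copying a URI into a fixed-size buffer. The function names, the struct and the 256-byte buffer size are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define URI_BODY_MAX 256   /* hypothetical size, not taken from iTunes */

/* Schemes named in the advisory. */
static const char *const SCHEMES[] = { "itms", "itmss", "daap", "pcast", "itpc" };

struct handler_uri {
    const char *scheme;        /* points into SCHEMES */
    char body[URI_BODY_MAX];   /* text after "scheme:" */
};

/* Case-insensitive match of the first n bytes of uri against a scheme name. */
static int scheme_eq(const char *uri, size_t n, const char *name)
{
    if (strlen(name) != n)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)uri[i]) != name[i])
            return 0;
    return 1;
}

/*
 * Returns 0 on success, -1 for a malformed URI or unknown scheme, and
 * -2 when the body would not fit. The boundary error this guards against
 * is an unchecked strcpy(out->body, colon + 1) into the fixed buffer.
 */
int parse_handler_uri(const char *uri, struct handler_uri *out)
{
    if (uri == NULL || out == NULL)
        return -1;
    const char *colon = strchr(uri, ':');
    if (colon == NULL || colon == uri)
        return -1;

    out->scheme = NULL;
    for (size_t i = 0; i < sizeof SCHEMES / sizeof SCHEMES[0]; i++)
        if (scheme_eq(uri, (size_t)(colon - uri), SCHEMES[i]))
            out->scheme = SCHEMES[i];
    if (out->scheme == NULL)
        return -1;

    /* Check the length before copying; reject instead of truncating. */
    size_t body_len = strlen(colon + 1);
    if (body_len >= sizeof out->body)
        return -2;
    memcpy(out->body, colon + 1, body_len + 1);   /* copies the NUL too */
    return 0;
}
```

Rejecting an oversized URI, rather than truncating it, keeps the handler from acting on a partial value.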

Solution

Update to version 8.2.
www.apple.com/itunes/download/

Original Reference

-