New Releases of iTunes and QuickTime Fix 11 VulnerabilitiesJune 1, 2009 – 4:26 PM
Apple has released versions 8.2 of iTunes and 7.6.2 of QuickTime to address a series of vulnerabilities, mostly in QuickTime.
The one iTunes vulnerability is a stack overflow in parsing “itms:” URLs which can lead to a DOS or arbitrary code execution. 10 vulnerabilities in QuickTime are all of a type that viewing certain malicious content could crash the program or lead to arbitrary code execution. Most of these vulnerabilities affect both Windows and Mac versions.
Such attacks do happen in the real world, and it’s a good idea to apply the updates quickly.
The vulnerability information went out on an Apple mailing list but is not yet available on their web site. You can download the new Windows versions from the QuickTime download page or run Apple Software Update.