Apple has shipped a critical security patch for its iTunes media player to fix several gaping security holes that expose Windows users to hacker attacks.
The vulnerabilities could be exploited to launch remote code execution attacks if a user simply opens an image file or surfs to a rigged Web site. The update applies to Windows 7, Windows Vista and Windows XP machines.
In all, the new iTunes 9.2 fixes 40 documented vulnerabilities, most affecting the WebKit rendering engine. The WebKit vulnerabilities are the same that affected Apple’s Safari browser.
Here are the details on the iTunes vulnerabilities:
- ColorSync (CVE-2009-1726) — A heap buffer overflow exists in the handling of images with an embedded ColorSync profile. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of ColorSync profiles. This issue affects Windows 7, Vista, XP SP2 or later.
- ImageIO (CVE-2010-1411) — Multiple integer overflows in the handling of TIFF files may result in a heap buffer overflow. Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution. The issues are addressed through improved bounds checking. Affects Windows 7, Vista, XP SP2 or later.