A serious security vulnerability exists in Apple Computer's iTunes and QuickTime software, bug hunter Tom Ferris reported on his Security-Protocols.com Web site Friday.
"The vulnerability allows an attacker to reliably overwrite heap memory with arbitrary data in order to execute arbitrary code on a targeted host," Ferris wrote.
An attacker could commandeer a computer running Windows or Mac OS X by tricking a user into opening a malicious media file, Ferris said in an interview. The problem was reported to Apple on Friday, he said.
To limit risk to users of the vulnerable software, Ferris won'… Read more