iTunes, QuickTime Flaws Detailed
Security researcher Tom Ferris has posted details on a security vulnerability that affects the latest versions of Apple's iTunes and QuickTime software. A specially crafted .mov video file could cause a heap overflow and potentially give an attacker the ability to execute arbitrary code.
Ferris first reported the problem earlier this month and says he notified Apple at that time. He says both Mac OS X and Windows machines are affected, as are older versions of iTunes and QuickTime. Security firm Secunia has rated the vulnerability "moderately critical," as code execution has not been confirmed.