iTunes update patches bug; adds new iPod, iPhone features
Version 7.4 fixes critical flaw, readies iPhone for ringtones and Wi-Fi downloads
Computerworld - Apple Inc. updated its iTunes music software late yesterday to patch a critical vulnerability and add features that will only be enabled once the new iPod touch rolls out later this month.
According to the advisory released Wednesday, iTunes 7.4 fixes a flaw that could result in "arbitrary code execution," Apple's phrase for a critical bug. The vulnerability, which is within the code that processes and displays album cover art, could be exploited by attackers using a malformed music file.
"An attacker may trigger the overflow, which may lead to an unexpected application termination or arbitrary code execution," the advisory read. Apple credited the bug find to David Thiel of iSEC Partners Inc. A researcher at iSEC, Thiel was a presenter at the August Black Hat security conference on vulnerabilities within media software (download PDF), and mentioned iTunes in passing during his Las Vegas presentation.
Both the Mac OS X and Windows versions of iTunes are flawed and must be updated to 7.4, Apple said.
The updated iTunes also includes several features Apple CEO Steve Jobs touted yesterday during the launch event for a revamped iPod line. Among the iTunes 7.4 additions: the ability to download tracks from iTunes over a Wi-Fi connection, free wireless access to iTunes from Starbucks coffee shops -- and ringtones. All three will be enabled sometime this month in an iPhone update, while the first two will be available in the iPod touch when it debuts later in September.
None, however, are as yet working. Apple, for instance, must first designate the half-million tracks that Jobs said would be eligible as ringtones for the iPhone. The free access at Starbucks won't kick in until the coffee chain makes changes on its end with its hot spot provider, T-Mobile. The Seattle-based company will debut the service Oct. 2 in 600 of its stores in New York and its hometown, then roll it out to another 350 stores in San Francisco in early November.
Users can update to Version 7.4 using Software Update on the Mac or the optional Apple Software Update utility on Windows PCs. Alternately, the application can be downloaded from Apple's site.
Read more about Mac OS X in Computerworld's Mac OS X Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Mac OS X White Papers | Webcasts