Apple fans are under attack on multiple fronts.
Security researchers have discovered an unpatched vulnerability in Apple's iTunes and QuickTime software that creates an opportunity to crash browser applications. The flaw might also open up a route to inject hostile code onto vulnerable systems, though this remains unproven.
Exploitation of the flaw in either case involves tricking surfers into opening a maliciously constructed QuickTime tag contained on a web page or embedded in an MP3 and video clip file. Security clearing house US CERT rates the buffer overflow-based flaw - which affects Apple QuickTime 7.5.5 and iTunes 8.0 - as a high risk bug.
Apple posted an update for QuickTime addressing earlier bugs only last week. The consumer electronic giant is yet to respond to the latest security flap involving its iTunes software, following the publication of an alert by US CERT on Thursday.
Full article here - http://www.theregister.co.uk/2008/09/19/apple_attacks/