iTunes 8 security issue rated 'High' by National Vulnerability Database

A vulnerability within QuickTime 7.5.5 and iTunes 8.0 has been uncovered by security researchers, and given a CVSS Severity rating of 9.3 (high) by the National Vulnerability Database.

The flaw in security is being exploited by malicious code hidden inside embedded MP3 files on web pages and through a long type attribute in a QuickTime tag. According to the VND, the security gap is a "Heap-based buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 [that] allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code."

So far there's been no response from Apple regarding the bug, though only last week it addressed other bugs in the QuickTime system.

People are also being warned against an email that offers 'Virtual iPhone games!" and sometimes contains the subject line "Apple: The most popular game!". The email attachment (Penguin.Panic.zip) has been confirmed to contain the malware listed as Agent-HNY Trojan, so caution is advised when it comes to Apple related messages and websites for the time being.

02 September 2010 Four Door Lemon reveals QuizQuizQuiz's piracy rate is 23%

02 September 2010 SCVNGR and Quno to bring rail-play to UK stations

01 September 2010 120 million iOS devices sold at 230,000 activations a day

01 September 2010 Gameloft H1 2010 net profit up 140% to €5.3 million

01 September 2010 Palm launches webOS 2.0 SDK beta, launch confirmed for 2010