A vulnerability within QuickTime 7.5.5 and iTunes 8.0 has been uncovered by security researchers, and given a CVSS Severity rating of 9.3 (high) by the National Vulnerability Database.
The flaw in security is being exploited by malicious code hidden inside embedded MP3 files on web pages and through a long type attribute in a QuickTime tag. According to the VND, the security gap is a "Heap-based buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 [that] allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code."
So far there's been no response from Apple regarding the bug, though only last week it addressed other bugs in the QuickTime system.
People are also being warned against an email that offers 'Virtual iPhone games!" and sometimes contains the subject line "Apple: The most popular game!". The email attachment (Penguin.Panic.zip) has been confirmed to contain the malware listed as Agent-HNY Trojan, so caution is advised when it comes to Apple related messages and websites for the time being.
Top Stories
News
1 hour, 15 minutes ago
Apple's AI plans trigger $110 billion stock buyback despite declining sales
Events
GameDev Atlantic 2024 | May 4th | |
LA Games Conference 2024 | North America | May 6th |
Mobidictum Meetup Berlin May 2024 | Europe | May 7th |
Valencia Indie Summit 2024 | Europe | May 16th |
Mobidictum Meetup Tallinn May 2024 | Europe | May 21st |
Israel Mobile Summit 2024 | Middle East | Jun 6th |
WN Conference Istanbul 2024 | Jun 11th | |
DevGAMM Vilnius 2024 | Europe | Jun 14th |