A vulnerability within QuickTime 7.5.5 and iTunes 8.0 has been uncovered by security researchers, and given a CVSS Severity rating of 9.3 (high) by the National Vulnerability Database.
The flaw in security is being exploited by malicious code hidden inside embedded MP3 files on web pages and through a long type attribute in a QuickTime tag. According to the VND, the security gap is a "Heap-based buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 [that] allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code."
So far there's been no response from Apple regarding the bug, though only last week it addressed other bugs in the QuickTime system.
People are also being warned against an email that offers 'Virtual iPhone games!" and sometimes contains the subject line "Apple: The most popular game!". The email attachment (Penguin.Panic.zip) has been confirmed to contain the malware listed as Agent-HNY Trojan, so caution is advised when it comes to Apple related messages and websites for the time being.
Top Stories
News
May 31st, 2024
Week in Views - Squad Busters goes global, broken app stores, and Hill Climb Racing gets the LEGO treatment
News
May 31st, 2024
Mobile Movers: All the latest appointments and job moves from around the industry
Events
Indie Game Fest & Indie Campus 2024 | Europe | May 31st |
Game Access Conference 2024 | Europe | May 31st |
Indie Craft K-Game Festival 2024 | Europe | May 31st |
Gaymer Pride | North America | Jun 1st |
BostonFig Online 2024 | Jun 1st | |
GameSummit Summer 2024 | Jun 1st | |
Gotland Game Conference 2024 | Nordic | Jun 3rd |
Games Mental Health Summit 2024 | Europe | Jun 3rd |