iTWire - Multiple Apple updates deliver security patches as well as new features

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Multiple Apple updates deliver security patches as well as new features

Multiple Apple updates deliver security patches as well as new features

E-mail

Information technology news - Security
by Stephen Withers
Wednesday, 10 September 2008
Page 1 of 2 Microsoft wasn't the only company to have a Patch Tuesday this month. Updates from Apple include security fixes for widely used software including QuickTime and iTunes. As in the Windows updates, several of the issues addressed by Apple concern malformed media files. Featured Whitepaper 5 Best Practices for Smartphone Support Apple released new versions of iTunes, QuickTime and Front Row for Mac OS X, and of iTunes, QuickTime, MobileMe Control Panel, and Bonjour for Windows. From a security perspective, the change in iTunes 8.0 for Mac was primarily cosmetic: a warning dialog has been changed to clarify the effect of unblocking iTunes Music Sharing in the firewall. The fix in the Windows version involves an unspecified third-party driver and an integer overflow that can be exploited by a local user to gain system privileges. If you're in a situation where local privilege escalations are a concern, you probably don't let people install or run iTunes. QuickTime is even more widely used, for example by cross-platform multimedia packages. Version 7.5.5 fixes several Windows-specific flaws that can be exploited with maliciously crafted Indeo or PICT files. Cross-platform flaws can be exploited with maliciously crafted QTVR, H.264, PICT or movie files. All of the QuickTime flaws can result in the failure of an application; all but one have the potential to allow the execution of arbitrary code. Bonjour for Windows 1.0.5 provides better checking of DNS labels to avoid a denial of service attack using maliciously crafted .local domain names, and applies source port and transaction ID randomisation to reduce the risk of spoofed information being delivered for unicast DNS queries. Apple notes "there are no known applications that use the Bonjour APIs for unicast DNS hostname resolution." What else is new? Find out on page two. << First page < 1 2 Next page > Last page - Post your comment >>

< Next story in category		Previous story in the category >

Sponsored Releases

Open Text Deepens Integration with SAP® Solutions

As Christmas Nears, AVG (AU/NZ) Advises Shoppers How to Stay Safe Online

Progress Software Successfully Enables SaaS Deployment in the Cloud for Fifth Year

British Airways selects Progress Software SOA Solutions to upgrade the travel experience

...Promote your press-releases here

Latest jobs

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking