iSEC Partners Security Advisory - 2007-005-itunes
https://www.isecpartners.com
--------------------------------------------

iTunes 7.3.x - Heap overflow in album cover parsing

Vendor: Apple, Inc.
Vendor URL: http://www.apple.com
Versions affected: Confirmed in iTunes 7.3.2
Systems Affected: Confirmed on OS X 10.4.10 PPC, Windows XP x86
Severity: High (potential code execution)
Author: David Thiel <david[at]isecpartners[dot]com>
Vendor notified: 2007-07-29
Public release: 2007-09-05
Advisory URL: https://www.isecpartners.com/advisories/2007-005-itunes.txt
Vendor Advisory URL: http://docs.info.apple.com/article.html?artnum=306404

Summary:
--------
A vulnerability exists in iTunes where an attacker can cause a denial of
service or code execution via maliciously crafted album cover art embedded
in a media file.

Details:
--------
iTunes 7.3.2 and earlier are vulnerable to a heap overflow when parsing the
'covr' atom of an MP4/AAC file. This atom is normally used for the storage
of album cover art.

Fix Information:
----------------
This issue is fixed in iTunes 7.4, available via Software Update or
download at http://www.apple.com/itunes/download/.

Thanks to:
----------
The Apple product security team for a timely response to this issue.

About iSEC Partners:
--------------------
iSEC Partners is a full-service security consulting firm that provides
penetration testing, secure systems development, security education and
software design verification, with offices in San Francisco, Seattle,
Ewa Beach and Los Angeles.

https://www.isecpartners.com
info@xxxxxxxxxxxxxxxx
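
Added example (not part of the iSEC advisory and not Apple's code): a bounds-checked walk that locates the 'covr' atom named under Details and rejects any atom whose declared size does not fit inside its parent. The advisory does not state the root cause, so this shows the general size validation a parser of this format needs; the moov > udta > meta > ilst > covr > data path, the name check_covr and the constructed SAMPLE bytes are assumptions for illustration.

```c
#include <stdint.h>
#include <string.h>

enum { COVR_BAD = -1, COVR_NONE = 0, COVR_OK = 1 };
/* Constructed sample: moov > udta > meta > ilst > covr > data (4 payload bytes). */
static const uint8_t SAMPLE[64] = {
    0,0,0,0x40,'m','o','o','v', 0,0,0,0x38,'u','d','t','a',
    0,0,0,0x30,'m','e','t','a', 0,0,0,0, 0,0,0,0x24,'i','l','s','t',
    0,0,0,0x1c,'c','o','v','r', 0,0,0,0x14,'d','a','t','a',
    0,0,0,0x0d, 0,0,0,0, 0xff,0xd8,0xff,0xe0 };
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
/* Atoms on the path to cover art (assumed iTunes-style metadata layout). */
static int is_container(const uint8_t *t) {
    return !memcmp(t, "moov", 4) || !memcmp(t, "udta", 4) || !memcmp(t, "meta", 4) ||
           !memcmp(t, "ilst", 4) || !memcmp(t, "covr", 4);
}
/* Walk atoms in buf[0..len); every declared size must fit inside its parent. */
int check_covr(const uint8_t *buf, size_t len, int in_covr, int depth) {
    int found = COVR_NONE;
    if (depth > 8) return COVR_BAD;                    /* refuse runaway nesting */
    for (size_t off = 0; off < len; ) {
        size_t left = len - off, hdr = 8;
        if (left < 8) return COVR_BAD;                 /* truncated atom header */
        uint64_t size = be32(buf + off);
        const uint8_t *type = buf + off + 4;
        if (size == 0) size = left;                    /* atom runs to end of parent */
        else if (size == 1) {                          /* 64-bit size follows the type */
            if (left < 16) return COVR_BAD;
            size = ((uint64_t)be32(buf + off + 8) << 32) | be32(buf + off + 12);
            hdr = 16;
        }
        if (size < hdr || size > left) return COVR_BAD; /* size escapes the parent */
        const uint8_t *body = buf + off + hdr;
        size_t blen = (size_t)size - hdr;
        if (in_covr && !memcmp(type, "data", 4)) {
            if (blen < 8) return COVR_BAD;             /* type and locale fields missing */
            found = COVR_OK;
        } else if (is_container(type)) {
            size_t skip = memcmp(type, "meta", 4) ? 0 : 4; /* meta: version/flags */
            if (blen < skip) return COVR_BAD;
            int r = check_covr(body + skip, blen - skip, !memcmp(type, "covr", 4), depth + 1);
            if (r == COVR_BAD) return r;
            if (r == COVR_OK) found = COVR_OK;
        }
        off += (size_t)size;
    }
    return found;
}
```

Call it as check_covr(buf, len, 0, 0) on a file's bytes: COVR_BAD means an atom's declared size is inconsistent with its container, which is a reason to quarantine the file rather than hand it to a media parser.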