iTunes update patches bug; adds iPod, iPhone features

Version 7.4 fixes critical flaw, readies iPhone for ringtones and Wi-Fi downloads

(Computerworld) on

Apple updated its iTunes music software late Wednesday to patch a critical vulnerability and add features that will only be enabled once the new iPod touch rolls out later this month.

According to the advisory released Wednesday, iTunes 7.4 fixes a flaw that could result in "arbitrary code execution," Apple's phrase for a critical bug. The vulnerability, which is within the code that processes and displays album cover art, could be exploited by attackers using a malformed music file.

"An attacker may trigger the overflow, which may lead to an unexpected application termination or arbitrary code execution," the advisory read. Apple credited the bug find to David Thiel of iSEC Partners. A researcher at iSEC, Thiel was a presenter at the August Black Hat security conference on vulnerabilities within media software, and mentioned iTunes in passing during his Las Vegas presentation.

Both the Mac OS X and Windows versions of iTunes are flawed and must be updated to 7.4, Apple said.

The updated iTunes also includes several features Apple CEO Steve Jobs touted Wednesday during the launch event for a revamped iPod line. Among the iTunes 7.4 additions: the ability to download tracks from iTunes over a Wi-Fi connection, free wireless access to iTunes from Starbucks coffee shops -- and ringtones. All three will be enabled sometime this month in an iPhone update, while the first two will be available in the iPod touch when it debuts later in September.

None, however, are as yet working. Apple, for instance, must first designate the half-million tracks that Jobs said would be eligible as ringtones for the iPhone. The free access at Starbucks won't kick in until the coffee chain makes changes on its end with its hot spot provider, T-Mobile. The Seattle-based company will debut the service Oct. 2 in 600 of its stores in New York and its hometown, then roll it out to another 350 stores in San Francisco in early November.

Users can update to Version 7.4 using Software Update on the Mac or the optional Apple Software Update utility on Windows PCs. Alternately, the application can be downloaded from Apple's site.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Gregg Keizer

Gregg Keizer

Computerworld
Show Comments
Security Watch
Best NBN Plans
Best Mobile Plans

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Cate Bacon

Aruba Instant On AP11D

The strength of the Aruba Instant On AP11D is that the design and feature set support the modern, flexible, and mobile way of working.

Dr Prabigya Shiwakoti

Aruba Instant On AP11D

Aruba backs the AP11D up with a two-year warranty and 24/7 phone support.

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Featured Content

Product Launch Showcase

Back to topHome

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?