Apple fixes bugs in iTunes and QuickTime

The Apple patches address security issues in iTunes and QuickTime

Apple has issued updates to address security issues in iTunes and the QuickTime media player software.

The iTunes 8.2 and QuickTime 7.6.2 updates address a number of vulnerabilities for the Windows XP and Vista versions of both applications, along with MacOS X 10.4 and 10.5 software versions.

The QuickTime update fixes 10 flaws, each of which could allow an attacker to remotely execute code on a target system. Eight of the flaws affect both the MacOS X and Windows versions, while the remaining two apply only to the Windows Vista and XP releases.

Among the patched vulnerabilities are remote code execution flaws in the way QuickTime handles PICT and JP2 images, as well as several flaws in the handling of video files.

The iTunes update fixes just one flaw affecting the Windows and OS X versions of the media player. If exploited, the flaw could allow an attacker to remotely execute code by using a specially crafted URL to launch and then crash iTunes.

Users can obtain both updates through the Apple Software Update tool or online from the company's download site.