Apple slips security fixes into rollout

New features aren't the only reason to update your Apple software

Apple has added several security fixes into the latest versions of iTunes and QuickTime.

The company has issued a pair of postings outlining nine security fixes in QuickTime 7.5.5 and two in the new iTunes 8.0.

The iTunes update contains a patch for what Apple has termed a "misleading" dialogue in the OS X version of the player.

The message occurred when users running OS X 10.4 or earlier were presented with a dialogue box which said that enabling iTunes Music Sharing would have no effect on the Mac's firewall protections.

"Allowing iTunes Music Sharing or any other service through the firewall inherently affects security by exposing the service to remote entities," the company explained in the posting.

Also fixed was an issue in the Windows XP and Vista ports of iTunes. The flaw could allow an attacker to use a maliciously-crafted third-party driver to crash iTunes and change user privileges.

Eight of the nine fixes for QuickTime address flaws which could be used by an attacker to remotely execute code on a targeted system.

Eight of the flaws affect the Windows version of the media player, while five also affect OS X users.

The vulnerabilities included issues in the browser's handling of movie files, PICT files and QTVR movies.

Apple also issued security fixes within the new version of Bonjour for Windows and the iPod Touch firmware update.

Users can obtain the updates through Apple's Software Update application or by visiting the Apple Downloads site.