About the security content of iTunes 6.0.5

This article has been archived and is no longer updated by Apple.

This document describes the security content of iTunes 6.0.5, which can be downloaded and installed using Software Update, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred, and any necessary patches or releases are available. To learn more about Apple Product Security, visit the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to Use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

iTunes 6.0.5

  • iTunes

    CVE-ID: CVE-2006-1467

    Available for: Mac OS X v10.2.8 or later, Windows XP / 2000

    Impact: An integer overflow in iTunes could cause a denial of service or lead to the execution of arbitrary code

    Description: The AAC file parsing code in iTunes versions prior to 6.0.5 contains an integer overflow vulnerability. Parsing a maliciously-crafted AAC file could cause iTunes to terminate or potentially execute arbitrary code. iTunes 6.0.5 addresses this issue by improving the validation checks used when loading AAC files. iTunes 6.0.5 is freely available from http://www.apple.com/itunes/download/. Credit to ATmaCA working with TippingPoint and the Zero Day Initiative for reporting this issue.

Published Date: Oct 7, 2016