Apple has received quite a lot of negative feedback because of a particular set of vulnerabilities in the security of iTunes. It was this iTunes update that somehow exposed users of the iPhone and the iPod Touch to highly malicious attacks by the world's most notorious hackers. The most serious flaw is believed to allow remote code execution when the user opens image or audio files.

The Issues

CoreAudio is still under investigation, since a buffer overflow presently exists in how mp4 audio files are handled. This means that users who unknowingly play a maliciously crafted mp4 audio file can experience an unexpected application termination or arbitrary code execution.

With ImageIO, on the other hand, there is a buffer underflow in how it handles TIFF images. Viewing a maliciously crafted TIFF image can lead to the same outcomes mentioned above.

In Recovery Mode, there is a memory corruption issue in the handling of particular USB control messages. Anyone who has physical access to the device can bypass the passcode and then access all of the user's data.

Multiple input validation issues also exist in WebKit, specifically in how it handles FTP directory listings. Accessing a maliciously crafted FTP server can lead to information disclosure, arbitrary code execution, or unexpected application termination.

Another issue with WebKit is that when it encounters an HTML5 Media Element pointing to an external source, it does not issue resource load callbacks, as it should. These callbacks are the only way to determine whether or not the resource should be loaded. Without them, there may be undesired requests to remote servers. For example, the sender of an HTML-formatted email message could use this to find out whether the message has been read.
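A mail client or gateway that cannot rely on the rendering engine's load callbacks can look for such media elements itself before a message is displayed. The following Python code is an added example, not code from Apple or WebKit; the function names, the list of local schemes and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

MEDIA_TAGS = {"audio", "video"}
CHILD_TAGS = {"source", "track"}         # only load media when nested in audio/video
URL_ATTRS = ("src", "poster")
LOCAL_SCHEMES = {"cid", "data", "about"}  # assumption: resolved inside the message

def is_remote(url):
    """True if loading this URL would send a request to an outside server."""
    url = (url or "").strip()
    if url.startswith("//"):              # protocol-relative URL
        return True
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:                    # malformed URL: treat as remote
        return True
    # No scheme means a relative path; assumed unresolvable in a mail body.
    return scheme != "" and scheme not in LOCAL_SCHEMES

class RemoteMediaFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.depth = 0                    # nesting level inside audio/video
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in MEDIA_TAGS:
            self.depth += 1
        elif not (tag in CHILD_TAGS and self.depth):
            return
        for name, value in attrs:
            if name in URL_ATTRS and is_remote(value):
                self.findings.append((tag, name, value.strip()))

    def handle_endtag(self, tag):
        if tag in MEDIA_TAGS and self.depth:
            self.depth -= 1

def find_remote_media(html):
    """Return (tag, attribute, url) for each media element that would phone home."""
    finder = RemoteMediaFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample message body, not taken from a real email.
SAMPLE_MAIL_HTML = """<html><body><p>Quarterly report attached.</p>
<audio autoplay src="http://tracker.example/open?id=42"></audio>
<video poster="cid:thumb1"><source src="//cdn.example/clip.mp4"></video>
<audio src="cid:greeting.m4a"></audio>
</body></html>"""
```

A caller can quarantine the message, or strip the flagged attributes, whenever `find_remote_media` returns a non-empty list.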

Updating Your Device

If you update your device now, you can avoid all of these glitches. However, you need to connect to iTunes first, since the iPod Touch or iPhone update is only available through the official iTunes website.

The Patchapalooza

Apple is also having some issues with its Mac computers and has implemented a number of fixes. They called the fix-up season the Mac OS X patchapalooza. To date, Apple has sent out security patches to take care of virtually eighty-eight vulnerabilities within the Mac operating system, seven flaws in the iTunes system, sixteen bugs in the QuickTime media player, as well as a huge security glitch in the AirPort Base Station.

Such flaws must be taken care of right away because they could be exploited to launch malware attacks whenever users unknowingly open a malicious audio or image file.