The vulnerability could be used by hackers to launch code execution attacks via booby-trapped “.pls” files, Apple warned in an advisory.
- Impact: Opening a maliciously crafted .pls file may lead to an unexpected application termination or arbitrary code execution
- Description: A buffer overflow exists in the handling of .pls files. Opening a maliciously crafted .pls file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
The update is available for Mac OS X v10.4.11 or later, Mac OS X Server v10.4.11 or later, Windows XP, Vista and Windows 7.