iTunes 8.2 in Software Update, supports iPhone 3.0; QuickTime & GarageBand also patched

Features Editor

Updated Mon, Jun 1, 2009, 4:30 PM·6 min read

iTunes 8.2 just became available in Software Update. According to the update notes, "iTunes 8.2 now supports iPhone or iPod touch with the iPhone 3.0 Software Update. iTunes 8.2 also includes many accessibility improvements and bug fixes." The update weighs in at 79.3 MB.

QuickTime 7.6.2 and GarageBand Update 5.0.2 also became available at the same time. In keeping with Apple's policy of full disclosure, there's not much information for users about what's in either of the updates, although subscribers to Apple's security notification list got an email with a list of 10 fixed vulnerabilities in the QT update (soon to be posted at Apple's security site and reproduced in the second half of this post).

The GarageBand update "addresses general compatibility issues, improves overall stability, and fixes a number of other minor issues [including] Improved purchasing experience for Artist Lessons in the GarageBand Lesson Store [&] Accessing installed Jam Packs in the loop browser." The update is required if you are purchasing lessons from the Lesson Store.

The iTunes update is one more clear sign that iPhone 3.0 is just around the corner. Be sure to stay tuned to our coverage of the Apple Worldwide Developer Conference next week for all your iPhone news!

APPLE-SA-2009-06-01-1 QuickTime 7.6.2

QuickTime 7.6.2 is now available and addresses the following:

QuickTime
CVE-ID: CVE-2009-0188
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7,
Windows Vista and XP SP3
Impact: Opening a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in QuickTime's
handling of Sorenson 3 video files. This may lead to an unexpected
application termination or arbitrary code execution. This update
addresses the issue by performing additional validation of Sorenson 3
video files. Credit to Carsten Eiram of Secunia Research for
reporting this issue.

QuickTime
CVE-ID: CVE-2009-0951
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7,
Windows Vista and XP SP3
Impact: Opening a maliciously crafted FLC compression file may lead
to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of FLC
compression files. Opening a maliciously crafted FLC compression file
may lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue through improved bounds
checking. Credit to an anonymous researcher working with
TippingPoint's Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0952
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7,
Windows Vista and XP SP3
Impact: Viewing a maliciously crafted PSD image may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow may occur while processing a
compressed PSD image. Opening a maliciously crafted compressed PSD
file may lead to an unexpected application termination or arbitrary
code execution. This update addresses the issue through improved
bounds checking. Credit to Damian Put working with TippingPoint's
Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0010
Available for: Windows Vista and XP SP3
Impact: Opening a maliciously crafted PICT image may lead to an
unexpected application termination or arbitrary code execution
Description: An integer underflow in QuickTime's handling of PICT
images may result in a heap buffer overflow. Opening a maliciously
crafted PICT file may lead to an unexpected application termination
or arbitrary code execution. This update addresses the issue by
performing additional validation of PICT images. Credit to Sebastian
Apelt working with TippingPoint's Zero Day Initiative, and Chris Ries
of Carnegie Mellon University Computing Services for reporting this
issue.

QuickTime
CVE-ID: CVE-2009-0953
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7,
Windows Vista and XP SP3
Impact: Opening a maliciously crafted PICT image may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling
of PICT images. Opening a maliciously crafted PICT file may lead to
an unexpected application termination or arbitrary code execution.
This update addresses the issue by performing additional validation
of PICT images. Credit to Sebastian Apelt working with TippingPoint's
Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0954
Available for: Windows Vista and XP SP3
Impact: Opening a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling
of Clipping Region (CRGN) atom types in a movie file. Opening a
maliciously crafted movie file may lead to an unexpected application
termination or arbitrary code execution. This update addresses the
issue through improved bounds checking. This issue does not affect
Mac OS X systems. Credit to an anonymous researcher working with
TippingPoint's Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0185
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7,
Windows Vista and XP SP3
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in the handling of MS
ADPCM encoded audio data. Viewing a maliciously crafted movie file
may lead to an unexpected application termination or arbitrary code
execution. This update addresses the issue through improved bounds
checking. Credit to Alin Rad Pop of Secunia Research for reporting
this issue.

QuickTime
CVE-ID: CVE-2009-0955
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7,
Windows Vista and XP SP3
Impact: Opening a maliciously crafted video file may lead to an
unexpected application termination or arbitrary code execution
Description: A sign extension issue exists in QuickTime's handling
of image description atoms. Opening a maliciously crafted Apple video
file may lead to an unexpected application termination or arbitrary
code execution. This update addresses the issue through improved
validation of description atoms. Credit to Roee Hay of IBM Rational
Application Security Research Group for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0956
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7,
Windows Vista and XP SP3
Impact: Viewing a movie file with a maliciously crafted user data
atom may lead to an unexpected application termination or arbitrary
code execution
Description: An uninitialized memory access issue exists in
QuickTime's handling of movie files. Viewing a movie file with a zero
user data atom size may lead to an unexpected application termination
or arbitrary code execution. This update addresses the issue by
performing additional validation of movie files, and presenting a
warning dialog to the user. Credit to Lurene Grenier of Sourcefire,
Inc. (VRT) for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0957
Available for: Mac OS X v10.4.11, Mac OS X v10.5.7,
Windows Vista and XP SP3
Impact: Viewing a maliciously crafted JP2 image may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling
of JP2 images. Viewing a maliciously crafted JP2 image may lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue through improved bounds checking. Credit
to Charlie Miller of Independent Security Evaluators, and Damian Put
working with TippingPoint's Zero Day Initiative for reporting this
issue.

Engadget
What to expect at Google I/O 2024: Gemini, Android 15, WearOS and more details
Google's I/O developer conference is right around the corner. Here's what we're expecting to see, including Android 15 details and a whole bunch of AI news.
Engadget
iOS 17.5 is here with support for web-based app downloads in the EU
Apple has rolled out iOS 17.5, which includes a cross-platform alert system for unwanted Bluetooth trackers that it worked on with Google. Also new are a web-based app distribution option in the EU and a daily word game for Apple News+.
Engadget
OpenAI claims that its free GPT-4o model can talk, laugh, sing and see like a human
The new model accepts any combination of text, audio and images as input and can generate an output in all three formats.
Engadget
Amazon workers become the first to unionize at one of the company's Canadian warehouses
Amazon workers at a Quebec facility have become the first to form a union at one of the company's Canadian warehouses.
Engadget
Google teases new camera-powered AI feature one day ahead of I/O
Google is teasing an intriguing new AI feature one day ahead of its IO developer conference.
Engadget
Apple and Google roll out a cross-platform feature to tackle unwanted Bluetooth trackers
Apple and Google are rolling out a feature that will alert iOS and Android users when an unknown Bluetooth tag appears to be tracking them.
Engadget
Google’s Project Starline video conferencing tech is coming to offices
Google just announced that it has teamed up with HP to bring its futuristic Project Starline video conferencing system to enterprise clients. It even integrates with Google Meet and Zoom.
Engadget
A free PS1 emulator for iPhone is burning up the App Store charts
A free PS1 emulator for iPhone is burning up the App Store charts, currently resting at number six. The app is called Gamma and offers on-screen virtual controls, but allows integration with Bluetooth controllers and keyboards.
Engadget
The best midrange smartphones for 2024
Here's a list of the best midrange smartphones you can buy, as chosen by Engadget editors.
Engadget
The Rogue Prince of Persia is delayed because Hades II is a juggernaut
The Rogue Prince of Persia was supposed to debut in early access on May 14, but Evil Empire and Ubisoft have delayed it to get out of the way of Hades II.
Engadget
The M2 iPad Air is $30 off if you preorder at Amazon
The new M2 iPad Air arrives this week and you can already snap it up for a modest discount if you preorder on Amazon.
Engadget
Pick up this Anker 10,000mAh magnetic power bank for only $32
This Anker 10,000mAh magnetic power bank is on sale via Amazon for $32. That’s a discount of more than 20 percent.
Engadget
Apple's 10th-gen iPad hits a new low of $334
Amazon has marked down Apple's 10th-generation iPad to an all-time low price.
Engadget
Google Pixel 8a review: The best midrange Android phone gets flagship AI features
The Pixel 8a delivers handy AI features alongside a beautiful 120Hz OLED screen, excellent cameras and way above-average battery life for just $499.
Engadget
The best grills and grill accessories in 2024
Here’s a list of the best grilling gear you can buy -- including Traeger and Weber grills -- as chosen by Engadget editors.
Engadget
The Morning After: Those geomagnetic storms are messing with farming tech’s GPS systems
The biggest news stories this morning: Waymo’s robotaxis are making 50,000 paid trips every week, Most Apple App Store developers aren’t trying outside payments, Alienware m16 R2 review.
Engadget
Apple Store workers in Maryland have voted to authorize a strike
Apple's first unionized Store in Towson, Maryland has now authorized the first strike against the retail giant.
Engadget
The 21 best Nintendo Switch games in 2024
Here's a list of the best games for Nintendo Switch and Nintendo Switch Lite, from A to Z trigger, as chosen by Engadget editors.
Engadget
Most App Store developers aren’t taking Apple up on its new outside payments option
In a hearing on Friday as part of the ongoing legal battle with Epic, Apple said only 38 developers have applied to add links to external payment options — out of roughly 65,000 that could, according to Bloomberg.
Engadget
The geomagnetic storm is a nightmare for farmers relying on precision agriculture tech
According to a report by 404 Media, the intense solar activity over the last few days has disrupted critical GPS systems that guide modern tractors. Modern John Deere tractors as well as those from other brands rely on this technology for precision.

iTunes 8.2 in Software Update, supports iPhone 3.0; QuickTime & GarageBand also patched

Latest Stories

What to expect at Google I/O 2024: Gemini, Android 15, WearOS and more details

iOS 17.5 is here with support for web-based app downloads in the EU

OpenAI claims that its free GPT-4o model can talk, laugh, sing and see like a human

Amazon workers become the first to unionize at one of the company's Canadian warehouses

Google teases new camera-powered AI feature one day ahead of I/O

Apple and Google roll out a cross-platform feature to tackle unwanted Bluetooth trackers

Google’s Project Starline video conferencing tech is coming to offices

A free PS1 emulator for iPhone is burning up the App Store charts

The best midrange smartphones for 2024

The Rogue Prince of Persia is delayed because Hades II is a juggernaut

The M2 iPad Air is $30 off if you preorder at Amazon

Pick up this Anker 10,000mAh magnetic power bank for only $32

Apple's 10th-gen iPad hits a new low of $334

Google Pixel 8a review: The best midrange Android phone gets flagship AI features

The best grills and grill accessories in 2024

The Morning After: Those geomagnetic storms are messing with farming tech’s GPS systems

Apple Store workers in Maryland have voted to authorize a strike

The 21 best Nintendo Switch games in 2024

Most App Store developers aren’t taking Apple up on its new outside payments option

The geomagnetic storm is a nightmare for farmers relying on precision agriculture tech

About

Sections

Contribute

Buying Guides