Wednesday, September 09, 2009

The Ringtone Massacre

If you are an iPhone or iPod user then get the latest update of iPhone OS released today. This new version fixes a heap buffer overflow I found in CoreAudio of iPhone OS (see TKADV2009-007). The bug may be exploited by maliciously crafted AAC or MP3 files. This includes ringtones on the iPhone.

I'm sure you are only listening to AAC/MP3's you got from trusted sources, right? :>