News
iTunes security flaw reported
eEye Digital Security has issued a warning that a critical vulnerability in iTunes could allow attackers to remotely take over a user’s computer. The security firm said the flaw runs on on all operating systems from Windows XP to Mac OS X.
“This flaw allows malicious hackers to launch arbitrary code remotely, which in turn can take control of a user’s computer,” reports CNET News.com. “eEye, meanwhile, does not provide extensive details on the flaws it finds until a vendor releases a patch to resolve the security flaw.”
Related Stories
- iBooks Author EULA draws criticism
- Apple posts streaming video of education event
- Apple releases iTunes 10.5.3 with support for iTunes U
- Coverage of Apple’s education event begins at 10AM ET
- Apple education event to focus on content, K-12 market
- Apple working with McGraw-Hill, to launch ‘GarageBand’ for textbooks?
Comments
If you have a comment, news tip, advertising inquiry, or coverage request, a question about iPods/iPhones/iPad or accessories, or if you sell or market iPod/iPhone/iPad products or services, read iLounge's Comments + Questions policies before posting, and fully identify yourself if you do. We will delete comments containing advertising, astroturfing, trolling, personal attacks, offensive language, or other objectionable content, then ban and/or publicly identify violators.
Recent News
- iLounge Weekly coming early Monday, giveaway reminder
- iBackFlip launches Somersault case for iPad
- Motorola loses third patent case against Apple in Germany
- Apple rushing to pick demo apps for next iPad launch
- Apple airs new Siri-focused iPhone 4S ads
- Periscope Audio Lab releases SpaceSampler
- Evernote Hello improves contact entry features
- eMailGanizer Pro adds Universal Inbox, Smart Folders
- Scosche rolls out bassDock for iPad
- German court rejects Apple bid to ban Galaxy 10.1N
Recent Reviews
- Cygnett Apollo for iPhone 4/4S
- Case-Mate Pop! ID for iPhone 4/4S
- Case-Mate Pop! for iPhone 4/4S
- Case-Mate Pop! With Stand for iPhone 4/4S
- Solid Line Products RightShift 2 Removable Keyboard Case for iPad 2
- Spigen SGP Kuel F60Q Battery Pack
- Just Mobile Highway + Highway Pro for iPod, iPhone + iPad
- Speck CandyShell and CandyShell Satin for iPhone 4/4S
- Jensen JiPS-310i Docking Speaker for iPod, iPhone & iPad
- FrappeDesign Smart Sleeve for iPad 2
Recent Articles
- iOS Gems: Adventures of Tintin, Reckless Racing 2 + Scramble With Friends
- Ask iLounge 2-3-12
- Making The Case For - And Against - An Apple iTV Television
- Instant Expert: iTunes U for iPad, iPhone and iPod touch
- Instant Expert: Secrets & Features of iBooks 2.0
- iLounge’s 2012 CES Best of Show Awards: Honorable Mentions
- iLounge’s 2012 CES Best of Show Awards: iPod, iPhone, iPad + Mac
- iOS Gems: Bug Princess, Dora Hops Into Phonics, It’s A Small World, Sleepy Jack + X Is For X-Ray
- The Complete Guide to Managing iTunes Videos
- Editorial: As CES Grows, Will Microsoft’s Loss Be Apple’s Gain?
1
oh dear…
Posted by chris on November 18, 2005 at 10:09 AM (PDT)
2
Okay, they say it’s critical because it can be remotely executed. How? By the iTunes Music Store, because that’s the only remote thing iTunes accesses to the best of my knowledge. Is it a direct attack on a particular port?
Surely there is a simpler temporary fix (if this is a real problem) than “buy our software”?
Posted by But how? on November 18, 2005 at 10:23 AM (PDT)
3
Prob’ly through a podcast. That’s unsupervised ‘code’ as it comes directly from the podcaster server to your system and never goes to the Music Store at all.
Posted by alanfraser in Rhode Island on November 18, 2005 at 10:36 AM (PDT)
4
its only with version 5.
“Impact: iTunes 5 for Windows may launch the wrong helper program
Description: Due to the way iTunes 5 for Windows launches its helper application, multiple system paths are searched to determine which program to run. This may allow a malicious user on the local system to create an environment where an alternate program will be executed by iTunes. This has already been addressed in the iTunes 6 release for Windows (2005-10-12)”
so it says “a malicious user on the local system”
i dont see how this is much of a threat at all. it doesn’t seem to deal with ‘hackers’ at all.
Posted by zip22 on November 18, 2005 at 2:34 PM (PDT)
5
The CNet article says that eEye Digital is *testing* whether it affects MAC OSX.
And on eEye Digital’s site we read:
“Operating Systems Affected:
All Microsoft Operatins Systems”
So I guess the flaw (at least for the time being) runs on all operating systems from Windows XP to Windows XP
Posted by stereo on November 18, 2005 at 2:47 PM (PDT)
6
So I guess the flaw (at least for the time being) runs on all operating systems from Windows XP to Windows XP
And you will have guessed wrong.
iTunes also runs on Windoze 2000.
Posted by flatline response on November 18, 2005 at 10:15 PM (PDT)
7
Great…just wonderful.
Posted by PimpyMicPimp on November 19, 2005 at 6:09 PM (PDT)
8
I thought OS X was immune to viruses…
Posted by hoho on November 19, 2005 at 10:29 PM (PDT)
9
“They’re not f’ing Microsoft…”
That’s where you’re wrong. The difference between Apple and Microsoft is all between the ears of some Homo sapiens who want to believe there is such a thing as a good corporation.
They’re just a collection of divisions made up of fallible humans controlled by a group of directors with one goal: to make as much money as possible by doing and spending as little as possible.
Posted by Code Monkey in Midstate New York on November 20, 2005 at 9:05 AM (PDT)