iTunes security flaw reported | iLounge News

2014 iPad iPhone iPod Buyers' Guide from iLounge.com

News

iTunes security flaw reported

Author's pic

By LC Angell

Contributing Editor
Published: Friday, November 18, 2005
News Categories: iTunes

eEye Digital Security has issued a warning that a critical vulnerability in iTunes could allow attackers to remotely take over a user’s computer. The security firm said the flaw runs on on all operating systems from Windows XP to Mac OS X.

“This flaw allows malicious hackers to launch arbitrary code remotely, which in turn can take control of a user’s computer,” reports CNET News.com. “eEye, meanwhile, does not provide extensive details on the flaws it finds until a vendor releases a patch to resolve the security flaw.”

« New Podcast: iLounge Week in Review Special Edition - Panel Discussion on iPod, from Tech Toy to Icon

iTunes dominates digital music market in UK »

Related Stories

Comments

1

oh dear…

Posted by chris on November 18, 2005 at 10:09 AM (PDT)

2

Okay, they say it’s critical because it can be remotely executed. How? By the iTunes Music Store, because that’s the only remote thing iTunes accesses to the best of my knowledge. Is it a direct attack on a particular port?

Surely there is a simpler temporary fix (if this is a real problem) than “buy our software”?

Posted by But how? on November 18, 2005 at 10:23 AM (PDT)

3

Prob’ly through a podcast.  That’s unsupervised ‘code’ as it comes directly from the podcaster server to your system and never goes to the Music Store at all.

Posted by alanfraser in Rhode Island on November 18, 2005 at 10:36 AM (PDT)

4

its only with version 5.

“Impact: iTunes 5 for Windows may launch the wrong helper program

Description: Due to the way iTunes 5 for Windows launches its helper application, multiple system paths are searched to determine which program to run. This may allow a malicious user on the local system to create an environment where an alternate program will be executed by iTunes. This has already been addressed in the iTunes 6 release for Windows (2005-10-12)”

so it says “a malicious user on the local system”

i dont see how this is much of a threat at all.  it doesn’t seem to deal with ‘hackers’ at all.

Posted by zip22 on November 18, 2005 at 2:34 PM (PDT)

5

The CNet article says that eEye Digital is *testing* whether it affects MAC OSX.

And on eEye Digital’s site we read:
“Operating Systems Affected:
All Microsoft Operatins Systems”

So I guess the flaw (at least for the time being) runs on all operating systems from Windows XP to Windows XP smile

Posted by stereo on November 18, 2005 at 2:47 PM (PDT)

6

So I guess the flaw (at least for the time being) runs on all operating systems from Windows XP to Windows XP

And you will have guessed wrong.

iTunes also runs on Windoze 2000.

Posted by flatline response on November 18, 2005 at 10:15 PM (PDT)

7

Great…just wonderful.

Posted by PimpyMicPimp on November 19, 2005 at 6:09 PM (PDT)

8

I thought OS X was immune to viruses…

Posted by hoho on November 19, 2005 at 10:29 PM (PDT)

9

“They’re not f’ing Microsoft…”

That’s where you’re wrong. The difference between Apple and Microsoft is all between the ears of some Homo sapiens who want to believe there is such a thing as a good corporation.

They’re just a collection of divisions made up of fallible humans controlled by a group of directors with one goal: to make as much money as possible by doing and spending as little as possible.

Posted by Code Monkey in Midstate New York on November 20, 2005 at 9:05 AM (PDT)

If you have a comment, news tip, advertising inquiry, or coverage request, a question about iPods/iPhones/iPad or accessories, or if you sell or market iPod/iPhone/iPad products or services, read iLounge's Comments + Questions policies before posting, and fully identify yourself if you do. We will delete comments containing advertising, astroturfing, trolling, personal attacks, offensive language, or other objectionable content, then ban and/or publicly identify violators.

Commenting is not available in this section entry.

Email:

Recent News

Recent Reviews

Recent Articles

Shop for Accessories: Cases, speakers, chargers, etc.