News
iTunes security flaw reported
eEye Digital Security has issued a warning that a critical vulnerability in iTunes could allow attackers to remotely take over a user’s computer. The security firm said the flaw runs on on all operating systems from Windows XP to Mac OS X.
“This flaw allows malicious hackers to launch arbitrary code remotely, which in turn can take control of a user’s computer,” reports CNET News.com. “eEye, meanwhile, does not provide extensive details on the flaws it finds until a vendor releases a patch to resolve the security flaw.”
Related Stories
- Apple tweaks App Store with Editors’ Choice, Free picks
- Apple censors ‘jailbreak’ on iTunes Store
- Report: Siri APIs, Siri for iPad coming in iOS 6?
- Apple hit with class action suit over iTunes billing
- iTunes Match rolls out to several new countries
- Apple offers eBook settlement in Europe
Comments
If you have a comment, news tip, advertising inquiry, or coverage request, a question about iPods/iPhones/iPad or accessories, or if you sell or market iPod/iPhone/iPad products or services, read iLounge's Comments + Questions policies before posting, and fully identify yourself if you do. We will delete comments containing advertising, astroturfing, trolling, personal attacks, offensive language, or other objectionable content, then ban and/or publicly identify violators.
Recent News
- Pulp adds iCloud sync, new Home Page
- WordPress for iOS adds Push Notifications
- Sony launches Music Unlimited for iOS
- Apple device poll ends, computing poll begins
- Fruit Ninja adds new features and power-ups
- Apple to sell Nest Learning Thermostat
- Third-gen iPad to launch in Guam, Philippines May 29
- Apple tweaks App Store with Editors’ Choice, Free picks
- Panic releases Diet Coda
- Booq rolls out new Folio for iPad
Recent Reviews
- Pelican i1075 Hardback Case for iPad
- Skinit Skins for iPad (3rd-Generation)
- Spigen SGP Steinheil Ultra Optics Screen Protector for iPad (3rd-Gen)
- ZeroChroma VarioProtect for iPhone 4/4S
- BodyGuardz UltraTough Clear Skins for iPad (3rd-Gen)
- Wrapsol Original + Ultra Hybrid Protective Film for iPad 2/iPad (3rd-Gen)
- iBattz Mojo Removable Power Card Wallet
- dreamGEAR i.Sound Power View Pro S 2.1A Dual Charging Dock
- dreamGEAR i.Sound Universal Power View
- Sena Cases Florence Portfolio for iPad (3rd-Gen)
Recent Articles
- Removing music from iTunes after copying to iPod
- iOS Gems: Farm 123, Facebook Camera, Scribblenauts, Shoot the Zombirds + Virtua Tennis Challenge
- iTunes TV show size totals don’t match actual disk storage
- Consolidating Multiple iTunes Libraries
- Converting Purchased Videos to 1080p HD
- Find My Friends always reports home location
- Creating an iTunes Match library from an external hard drive
- Benefits of keeping apps in iTunes when using iCloud
- Recovering iTunes from an External Hard Drive
- Normalizing volume levels for Voice Memos
1
oh dear…
Posted by chris on November 18, 2005 at 10:09 AM (PDT)
2
Okay, they say it’s critical because it can be remotely executed. How? By the iTunes Music Store, because that’s the only remote thing iTunes accesses to the best of my knowledge. Is it a direct attack on a particular port?
Surely there is a simpler temporary fix (if this is a real problem) than “buy our software”?
Posted by But how? on November 18, 2005 at 10:23 AM (PDT)
3
Prob’ly through a podcast. That’s unsupervised ‘code’ as it comes directly from the podcaster server to your system and never goes to the Music Store at all.
Posted by alanfraser in Rhode Island on November 18, 2005 at 10:36 AM (PDT)
4
its only with version 5.
“Impact: iTunes 5 for Windows may launch the wrong helper program
Description: Due to the way iTunes 5 for Windows launches its helper application, multiple system paths are searched to determine which program to run. This may allow a malicious user on the local system to create an environment where an alternate program will be executed by iTunes. This has already been addressed in the iTunes 6 release for Windows (2005-10-12)”
so it says “a malicious user on the local system”
i dont see how this is much of a threat at all. it doesn’t seem to deal with ‘hackers’ at all.
Posted by zip22 on November 18, 2005 at 2:34 PM (PDT)
5
The CNet article says that eEye Digital is *testing* whether it affects MAC OSX.
And on eEye Digital’s site we read:
“Operating Systems Affected:
All Microsoft Operatins Systems”
So I guess the flaw (at least for the time being) runs on all operating systems from Windows XP to Windows XP
Posted by stereo on November 18, 2005 at 2:47 PM (PDT)
6
So I guess the flaw (at least for the time being) runs on all operating systems from Windows XP to Windows XP
And you will have guessed wrong.
iTunes also runs on Windoze 2000.
Posted by flatline response on November 18, 2005 at 10:15 PM (PDT)
7
Great…just wonderful.
Posted by PimpyMicPimp on November 19, 2005 at 6:09 PM (PDT)
8
I thought OS X was immune to viruses…
Posted by hoho on November 19, 2005 at 10:29 PM (PDT)
9
“They’re not f’ing Microsoft…”
That’s where you’re wrong. The difference between Apple and Microsoft is all between the ears of some Homo sapiens who want to believe there is such a thing as a good corporation.
They’re just a collection of divisions made up of fallible humans controlled by a group of directors with one goal: to make as much money as possible by doing and spending as little as possible.
Posted by Code Monkey in Midstate New York on November 20, 2005 at 9:05 AM (PDT)