Apple outlines security changes in iTunes 8.1

Apple has published a new Knowledge Base document outlining the security changes in iTunes 8.1. According to “About the security content of iTunes 8.1,” the updated software fixes a bug which could allow a malicious podcast to request the user’s iTunes username and password via an authentication dialog box. The update fixes the issue by clarifying the origin of the authentication request in the dialog. In addition, iTunes 8.1 fixes an issue in which a maliciously crafted Digital Audio Access Protocol (DAAP) message could lead to a denial of service; the update addresses the issue by performing additional validation of DAAP messages. iTunes 8.1 is available now through Apple’s Software Update utility or as a direct download from [via CNet]

Latest News