Slashdot Mirror


Apple iTunes Hit With a New Critical Flaw

Jameson writes "Apple has released a new iTunes version to correct a security vulnerability reported by Mark Litchfield. FrSIRT and Secunia marked the flaw as "critical", because it can be exploited by malicious people to compromise a user's system via a maliciously crafted MPEG4 file. iTunes 4.8 addresses this issue by improving the validation checks used when loading MPEG4 files."

5 of 44 comments

  1. Misleading Article Title by Anonymous Coward · · Score: 5, Insightful

    Why is the title of this article "Apple iTunes Hit With a New Critical Flaw"? Shouldn't it be "New Apple iTunes Fixes Critical Flaw"?

  2. Thanks for the FUD by amichalo · · Score: 5, Insightful

    Our old software with weaker DRM may render your computer insecure! Upgrade to our new fancy DRMtacular software!

    But TFAs don't say anything about this having to do with DRMed MP4s.

    In fact, I don't see how one could "specially craft" (per the articles) a DRM protected MP4 and allow it to be played on any computer. Certainly Apple isn't going to sell DRM protected songs that crash the user's computer.

    No, instead, this vulnerability would exist if people got an MP4 (AAC) song off a P2P fileshare where someone exploited the pre-4.8 iTunes.

    Again, your FUD is appreciated.

    --
    I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
    1. Re:Thanks for the FUD by ABaumann · · Score: 2, Insightful

      I was wondering when someone would play the troll card on this one. I'm certainly not surprised that it came in this form either. Other acceptable trolls would have been:

      - I told you OS X had major security issues.
      - I don't need to worry about it. iTunes doesn't run on my linux box.

      But yeah, of the three, yours is far better. I mean, since we all have hard disks and portable music players of infinite size, things like WAV and FLAC make perfect sense for the standard user. ...and don't give me that OGG or WMA is better than MP4/AAC bs because comparing lossy formats is just a waste of time.

  3. Slashdot News Hit With a New Stupid Title by fatalb7 · · Score: 2, Insightful


    Do we really need this kind of sensationalism?
    The announcement of the new version fixing this was posted on /. yesterday.

    Anything new?

  4. Update notice via iTunes by benwaggoner · · Score: 2, Insightful

    I just launched iTunes 4.7, and was prompted to download 4.8.

    Not via software update, but it's something.