Apple iTunes Security Flaw Discovered?

← Back to Stories (view on slashdot.org)

Apple iTunes Security Flaw Discovered?

Posted by Zonk on Friday November 18, 2005 @06:46AM from the unfortunate-song dept.

brajesh writes "CNET News.com is reporting that a critical vulnerability has been found in some versions of Apple's popular iTunes that could allow attackers to remotely take over a user's computer, according to a warning issued by eEye Digital Security, a security research firm. The latest iTunes flaw affects all operating systems from Windows XP to Mac OS X, according to the advisory. The discovery of this latest flaw comes days after Apple issued its iTunes 6 for Windows security update."

7 of 207 comments (clear)

Min score:

Reason:

Sort:

Only as root by Anonymous Coward · 2005-11-18 06:49 · Score: 5, Informative

What TFA doesn't point out is that this will only affect OS X users if you're logged in as root.
quicktime standalone by ubergrits · 2005-11-18 06:50 · Score: 5, Informative

You can get it without iTunes from here: http://www.apple.com/quicktime/download/standalone .html
Vulnerable Operating Systems by xWastedMindx · 2005-11-18 06:56 · Score: 5, Informative

Operating Systems Affected:
All Microsoft Operatins Systems no where does this advisory say that OSX is affected, or any other operating system for that matter. This is Windows-Only, as usual.
1. Re:Vulnerable Operating Systems by brajesh · 2005-11-18 07:13 · Score: 4, Informative
  
  eEye has modified the security advisory page within last few hours. my personal GDS cache still shows the flaw affecting all operating systems, as it was when I submitted the story.
  
  --
  95% of all sigs are made up.
from TFA by circusboy · 2005-11-18 07:20 · Score: 5, Informative

This may allow a malicious user on the local system to create an environment where an alternate program will be executed by iTunes.

Emphasis mine.

It would seem that remote attacks not possible unless the attacker had direct access to the machine in question first.

--
-- it's ridiculous how many people misspell ridiculous... (damn, damn, damn...)
Correction by U2C · 2005-11-18 08:36 · Score: 4, Informative

": This story initially quoted an incorrect report on the eEye Digital Security Web site saying an iTunes security flaw affected both Windows and Mac operating systems. To clarify, eEye is still testing the flaw on the Mac OS."

--
My parents went to Las Vegas so that i could witness "'Peak Oil'".
Does not affect Mac OS X by Raffaello · 2005-11-18 09:29 · Score: 4, Informative

The advisory has been corrected.

After eEye mistakenly posted a note on its Web site saying the iTunes flaw affected "all operating systems," the security firm updated its warning to indicate that the flaw had been found only on the Windows operating system so far.

from the corrected advisory:

Operating Systems Affected:
All Microsoft Operatins Systems

No other OSes listed, just MS. So Mac OS X is not known to be affected.