Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple iTunes Security Flaw Discovered?

Posted by Zonk on Friday November 18, 2005 @06:46AM from the unfortunate-song dept.

brajesh writes "CNET News.com is reporting that a critical vulnerability has been found in some versions of Apple's popular iTunes that could allow attackers to remotely take over a user's computer, according to a warning issued by eEye Digital Security, a security research firm. The latest iTunes flaw affects all operating systems from Windows XP to Mac OS X, according to the advisory. The discovery of this latest flaw comes days after Apple issued its iTunes 6 for Windows security update."

4 of 207 comments (clear)

Min score:

Reason:

Sort:

Only as root by Anonymous Coward · 2005-11-18 06:49 · Score: 5, Informative

What TFA doesn't point out is that this will only affect OS X users if you're logged in as root.
quicktime standalone by ubergrits · 2005-11-18 06:50 · Score: 5, Informative

You can get it without iTunes from here: http://www.apple.com/quicktime/download/standalone .html
Vulnerable Operating Systems by xWastedMindx · 2005-11-18 06:56 · Score: 5, Informative

Operating Systems Affected:
All Microsoft Operatins Systems no where does this advisory say that OSX is affected, or any other operating system for that matter. This is Windows-Only, as usual.
from TFA by circusboy · 2005-11-18 07:20 · Score: 5, Informative

This may allow a malicious user on the local system to create an environment where an alternate program will be executed by iTunes.

Emphasis mine.

It would seem that remote attacks not possible unless the attacker had direct access to the machine in question first.

--
-- it's ridiculous how many people misspell ridiculous... (damn, damn, damn...)