Slashdot Mirror


Apple iTunes Security Flaw Discovered?

brajesh writes "CNET News.com is reporting that a critical vulnerability has been found in some versions of Apple's popular iTunes that could allow attackers to remotely take over a user's computer, according to a warning issued by eEye Digital Security, a security research firm. The latest iTunes flaw affects all operating systems from Windows XP to Mac OS X, according to the advisory. The discovery of this latest flaw comes days after Apple issued its iTunes 6 for Windows security update."

3 of 207 comments (clear)

  1. Wow. No Kidding. by IAmTheDave · · Score: 5, Interesting

    Wow. Software has flaw allowing remote hackery. This seems to be pretty typical of just about any piece of software written these days (or any days.)

    I guess the question is, do we measure a company and its software by its base security, or by how quickly it responds to a discovered threat? I'm personally inclined to lean towards the second.

    --
    Excuse my speling.
    Making The Bar Project
  2. Re:So what? And what do we know about this exploit by Justin_Schuh · · Score: 4, Interesting

    iTunes has a lot more attack surface than than just file sharing via Bonjour. There's the potential for privelege escalation or remote exploit via the iPod service that comes with it. I agree that playing the disclosure game does encourage security companies to release hazy vulnerabilities reports early and often. But dismissing a security threats is generally not a good idea either.

  3. Vector Speculation by frankie · · Score: 4, Interesting

    With nothing more to go on than a couple vague sentences from eEye, here's my guess:

    One major thing that make iTunes different from other music player apps is the Music Store integration, which operates as a limited web browser. On OSX it calls WebKit; on Windows either Apple built a custom minibrower or it calls Explorer. Does anyone know which, BTW?

    In any case, this means that iTunes accepts URLs, specifically itms://[...]. It's also capable (on OSX at least) of launching your default browser and other URL helper apps. I'm guessing that Apple did a bad job validating input, and a malicious itms URL could trick iTunes into launching a remote file as if it were a helper app. Hence the local user context. If this is the case, simply viewing an evil web page (with the itms URL as a redirect/iframe/img/whatever) in most browsers should be sufficient to start the attack.

    Hopefully someone will divulge the facts soon. Let's see if I'm even close.