Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple iTunes Security Flaw Discovered?

Posted by Zonk on from the unfortunate-song dept.

brajesh writes "CNET News.com is reporting that a critical vulnerability has been found in some versions of Apple's popular iTunes that could allow attackers to remotely take over a user's computer, according to a warning issued by eEye Digital Security, a security research firm. The latest iTunes flaw affects all operating systems from Windows XP to Mac OS X, according to the advisory. The discovery of this latest flaw comes days after Apple issued its iTunes 6 for Windows security update."

7 of 207 comments (clear)

  1. Wow. No Kidding. by IAmTheDave · · Score: 5, Interesting

    Wow. Software has flaw allowing remote hackery. This seems to be pretty typical of just about any piece of software written these days (or any days.)

    I guess the question is, do we measure a company and its software by its base security, or by how quickly it responds to a discovered threat? I'm personally inclined to lean towards the second.

    --
    Excuse my speling.
    Making The Bar Project
  2. Only as root by Anonymous Coward · · Score: 5, Informative

    What TFA doesn't point out is that this will only affect OS X users if you're logged in as root.

  3. quicktime standalone by ubergrits · · Score: 5, Informative

    You can get it without iTunes from here: http://www.apple.com/quicktime/download/standalone .html

  4. And The Score Is... by RapidEye · · Score: 5, Funny

    Apple Hackers: 1
    Linux Hackers: 2
    Windows Hackers: 134,443,229

    You guys still got a ways to go... =-)

    --
    "Murderer? Well, that's a harsh word. I prefer to think of myself as a Mortality Technician."
  5. Vulnerable Operating Systems by xWastedMindx · · Score: 5, Informative

    Operating Systems Affected:
    All Microsoft Operatins Systems     no where does this advisory say that OSX is affected, or any other operating system for that matter. This is Windows-Only, as usual.

  6. from TFA by circusboy · · Score: 5, Informative

    This may allow a malicious user on the local system to create an environment where an alternate program will be executed by iTunes.

    Emphasis mine.

    It would seem that remote attacks not possible unless the attacker had direct access to the machine in question first.

    --
    -- it's ridiculous how many people misspell ridiculous... (damn, damn, damn...)
  7. Ah, the old Macdonald exploit... by g0at · · Score: 5, Funny

    Is this a case of eEye E-I/O?

    -b

    --
    myselfmusic