
PSA: Apple iTunes security flaw discovered!

Zim Hosein

Super Moderator | Elite Member
A critical vulnerability, found in some versions of Apple Computer's popular iTunes, could enable attackers to remotely take over a user's computer, according to a warning issued Thursday by a security research firm.

The discovery of this flaw comes days after Apple issued its security update for iTunes 6 for Windows.

This flaw existed on the earlier version of iTunes 6 for Windows and was not addressed by the newest security update, according to a warning issued by eEye Digital Security.

After eEye mistakenly posted a note on its Web site saying the iTunes flaw affected "all operating systems," the security firm updated its warning to indicate that the flaw had been found only on the Windows operating system so far.

However, eEye is now testing whether the flaw also affects iTunes running on Mac operating systems.

Apple iTunes 6 for Windows, as well as the previous version, are affected by the flaw, said Steve Manzuik, product manager at eEye.

The flaw enables malicious hackers to launch arbitrary code remotely, once a user clicks on a malicious Web site link or opens a malicious e-mail, Manzuik said.

"iTunes is widespread, so there is a large exploit base," Manzuik said, noting that no exploit code has been published to date.

When Apple released its iTunes 6 for Windows security patch earlier this week, it was designed to prevent the wrong helper application from launching.

The helper program searches multiple system paths to figure out which program to run, but the flaw could allow an attacker to create a way for an alternate program to be initiated by iTunes.

An Apple representative was not available for comment, but the company has a policy of not discussing or confirming security issues until it has conducted an investigation and issued any needed patches, according to a posting on its Web site.

eEye says it does not provide extensive details on security flaws until a vendor has released a patch to resolve the flaw.

Correction: This story initially quoted an incorrect report on the eEye Digital Security Web site saying an iTunes security flaw affected both Windows and Mac operating systems. To clarify, eEye is still testing the flaw on the Mac OS.

Apple iTunes security flaw discovered
 
I guess this security flaw is like the +100,000 out there for windows already, that require the numbfvck user to click on a link or open a mysterious email?

Darwinism also applies ten-fold to the intarveb. Weed 'em out!
 
Originally posted by: ktehmok
I guess this security flaw is like the +100,000 out there for windows already, that require the numbfvck user to click on a link or open a mysterious email?

Darwinism also applies ten-fold to the intarveb. Weed 'em out!

darwinism ain't so bad, until those zombie computers are one day directed to bomb your isp or web site you regularly visit.
 
I kind of wondered what was up today when out of nowhere FF opened and tried to open like 15 tabs at once and they were all just different numbers, not even real web addresses. Wonder if that's what it was. But I'm still on version 4.x.
 