Critical iTunes security hole
p2p news / p2pnet: All versions of iTunes for Windows, including the most recent iTunes 6, have a critical security flaw leaves users’ systems open to hackers, says a security firm.
The flaw was reported by eEye Digital Security on Thursday which initially said all systems, including Macs, were affected.
A remotely exploitable flaw exists that allows arbitrary code to be executed in the context of the logged in user, it said.
However, an update says the flaw had been found only on Windows so far, says CNET News.
The company is currently running tests to see if testing the flaw also affects iTunes on Macs, says the story.
“The flaw enables malicious hackers to launch arbitrary code remotely, once a user clicks on a malicious Web site link or opens a malicious e-mail,” eEyeproduct manager Steve Manzuik is quoted as saying.
The hole was found shortly after Apple posted security updates for QuickTime and iTunes.
See:-
CNET News – Apple iTunes security flaw discovered, November 18, 2005
November 19th, 2005 at 5:56 pm
ITunes, whats that? some kind of DRM infected crap? who cares, not me
November 19th, 2005 at 5:58 pm
The Whoever is dumb enough to use this rubbish deserves everything they get, including buffer overruns galore.
November 19th, 2005 at 6:56 pm
wots a buffer overrun?
wots a itune?
November 20th, 2005 at 1:54 am
Another day another Criticial Security Hole.
It’s called cutting costs to save money by not doing enough testing. Too bad it doesn’t work that way, because you end up spending more time (and money) fixing and refixing and unfixing that fix before trying a different fix for the first fix etc etc etc etc. You wind up spending a lot more money on all this fixing than you would ever have spent on complete testing in the first place.
Of course try explaining something like that to a beancounter and you’ll get to watch their eyes glaze over as their tiny mind fails to keep up.