TELECOM Digest OnLine - Sorted: Apple iTunes Security Flaw Discovered

Apple iTunes Security Flaw Discovered

Monty Solomon (
Fri, 18 Nov 2005 17:33:32 -0500

By Dawn Kawamoto
Story last modified Fri Nov 18 07:10:00 PST 2005

A correction was made to this story. Read below for details.

A critical vulnerability, found in some versions of Apple Computer's
popular iTunes, could enable attackers to remotely take over a user's
computer, according to a warning issued Thursday by a security
research firm.

The discovery of this flaw comes days after Apple issued its security
update for iTunes 6 for Windows.

This flaw existed on the earlier version of iTunes 6 for Windows and
was not addressed by the newest security update, according to a
warning issued by eEye Digital Security.

After eEye mistakenly posted a note on its Web site saying the iTunes
flaw affected "all operating systems," the security firm updated its
warning to indicate that the flaw had been found only on the Windows
operating system so far.

However, eEye is now testing whether the flaw also affects iTunes
running on Mac operating systems.

Apple iTunes 6 for Windows, as well as the previous version, are
affected by the flaw, said Steve Manzuik, product manager at eEye.

The flaw enables malicious hackers to launch arbitrary code remotely,
once a user clicks on a malicious Web site link or opens a malicious
e-mail, Manzuik said.

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Rik: "Lingo Phone Can't Port Number"
Go to Previous message: Matt Moore: "Technology Summit Wraps up in Tunisia"
TELECOM Digest: Home Page