Computer Crime Research Center


Apple iTunes found vulnerable

Date: November 21, 2005
Source: InformationWeek

Just days after Apple Computer updated the Windows version of its popular iTunes software, a security firm warned that a new critical vulnerability in the program could let attackers grab control of PCs and Macs.

According to an alert posted Thursday by eEye Digital Security, a "remotely exploitable flaw exists that allows arbitrary code to be executed in the context of the logged in user." The security vendor traditionally doesn't provide details on vulnerabilities it discovers until the affected vendor produces a patch.

On Tuesday, Apple released a security update to iTunes 6 for Windows; the bug reported by eEye, however, wasn't addressed in that fix.

Also on Thursday, eEye warned of a similarly-critical bug in various versions of Apple's QuickTime media player on both the Windows and Mac platforms. That vulnerability can also be exploited remotely, and might result in an attacker grabbing control of the victimized computer.
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo