iTunes flaw helps hackers
Published: 18 Nov 2005 16:05 GMT
A critical vulnerability has been found in some versions of Apple's popular iTunes that could allow attackers to remotely take over a user's computer, according to a warning issued on Thursday by a security research firm.
The discovery of this latest flaw comes days after Apple issued its iTunes 6 for Windows security update.
The latest iTunes flaw has been confirmed on Windows, and is being investigated on Mac OS X, according to a security warning issued by eEye Digital Security.
This flaw allows malicious hackers to launch arbitrary code remotely, which in turn can take control of a user's computer.
Although an Apple spokesman was not immediately available for comment, the company has a policy of not discussing or confirming security issues until it has conducted an investigation and issued any needed patches, according to Apple's posting on its site. eEye, meanwhile, does not provide extensive details on the flaws it finds until a vendor releases a patch to resolve the security flaw.
When Apple released its iTunes 6 for Windows security patch earlier this week, it was designed to prevent the wrong helper application from launching. The helper program searches multiple system paths to figure out which program to run, but the flaw could allow an attacker to create a way for an alternate program to be initiated by iTunes.
Did you find this article useful?
64 out of 116 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
Full Talkback thread
1 comment
