Security flaw discovered in some Apple iTunes versions

“A critical vulnerability has been found in some versions of Apple’s popular iTunes that could allow attackers to remotely take over a user’s computer, according to a warning issued Thursday by a security research firm,” Dawn Kawamoto reports for CNET News. “The discovery of this latest flaw comes days after Apple issued its iTunes 6 for Windows security update. The latest iTunes flaw, however, runs on all operating systems from Windows XP to Mac OS X, according to a security warning issued by eEye Digital Security. This flaw allows malicious hackers to launch arbitrary code remotely, which in turn can take control of a user’s computer.”

“eEye does not provide extensive details on the flaws it finds until a vendor releases a patch to resolve the security flaw,” Kawamoto reports.

Full article here.


36 Comments

  1. If you’ve read the actual article, you’ll notice that it’s on the site of a company that sells security software. The warning even recommends their very own software to secure the alleged flaw.

    Is this just FUD to get people to buy their software?

  2. This is meaningless until it comes from a REAL source that’s not trying to sell something.

    Let me guess: actually carrying out an attack with this flaw would require the most absurd conjunction of multiple factors, including tremendous luck, access to the computer physically, an admin password, and a bent paperclip.

    We just don’t know.

    Let’s see if viruses use this the way they use those Sony “CDs”–there are a LOT more iTunes users out there to make that attack worth it.

    If not, then I’m not worried.

  3. What’s MDN’s take on this?

    So do us Mac users now have an insecure operating system? Does this now vindicate Windows as the only non secure OS?

    Or is eEye Digital Security on the payroll of Microsoft?

    You guys tell me.

  4. Until we hear some real details from an independent source, I’m going to remain quite skeptical. Especially considering the “OS X Virus” that was reported last year that turned out to be a bogus ploy to sell unneeded anti-virus software.

  5. yeah right… so this is like how remote? wouldn’t they need to be on the same subnet? in majority of cases that isn’t going to be a problem. my seven year old daughters and their mother are hardly likely to take over my computer for their nefarious ends. apple will patch in four days time. end of story. another look at me story from a security company looking to generate some business. ha!

  6. A quick google reveals that the press is all over this. there are, however, no details about this. the only sure thing is that eEye Digital Security hopes to sell their software to iTunes users. I’ll bet that it does not even run on a Mac and OS X.

  7. Has any end user actually been impacted by this “vulnerability” or is this just another “proof of concept” like last time? If no one has actually been affected, then this is simply another non-story being drummed up to sell some crappy security software.

  8. Interesting how the readers of this site apply a different level of skepticism to reports of security flaws under MacOS to those of reports under Windows. It’s security firms that report the vast majority of Windows vulnerabilities too.

    As always, apply the impartiality test: if you swap the words “Apple” and “Microsoft”, and “MacOS” and “Windows”, would your reaction be the same?

  9. Uhh, NO, Reality Dork — my reaction WOULDN’T be the same. And do you know why, idgit?

    BECAUSE MICROSHIT HAS A VAST AND SEEMINGLY NEVER-ENDING TRACK RECORD OF VIRII AND MALWARE EXPLOITS AND SECURITY BREACHES AND ON AND ON AND ON . . .

    Does THAT make any sense to you, lingham?

  10. “This flaw allows malicious hackers to launch arbitrary code remotely, which in turn can take control of a user’s computer.”

    GasP!!!! If this was a Microsoft product MDN or SONY (boycott them says MDN for putting code in computers) would be screaming bloody murder, pounding the table, calling Gates names….but since it is Apple…no problem.
    You the Apple consumer are the problem if you don’t understand that it does not really matter if malicious hackers to launch arbitrary code remotely, which in turn can take control of a user’s computer. It’s a Mac.

    MDN – when does the Apple boycott start??????

  11. Get over it, Microsoft apologists.

    We Mac users don’t even bother to complain about Microsoft security flaws. They’re not an interesting point of conversation because there are so freaking many of them. What interests us are actual exploits, deployed on real users’ machines. NOBODY ever said Mac OS X has zero security flaws. There have been many, and all of the known ones have been patched quickly. This one will be too. Probably within days. But there have been zero viruses on Mac OS X.

    Just get over it.

  12. hey sum:

    what a load of utter croak and bs. every chance your maczombies get, you are whining and dining about windows insecurities. i’m a linuxhead myself but that is a biggest croak of s#$# i have ever seen. almost as bad as the WMD/Iraq/Link to Al-Qaeda bulls$#$

  13. Wow, talk about an inferiority complex. All the Windows apologists are out of the woodwork to gloat about… what, exactly? What flaw are we talking about? Precisely how would an attacker use this to hack OS X? We all KNOW how it works in Windows.

    Call me unconcerned until an actual OS X exploit is reported. You know, like they are on Windows every few days?

  14. Wake me up when someone is actually affected by this issue.

    There are no details about this exploit, because it would require the computer to be placed in a busy public area, turned on and running as root user, allowing every crackhead in the area to use the computer, have the crackhead open up iTunes, the crackhead must hear the one anti-crackhead song that will enrage him, which in turn will cause the crackhead to destroy the computer monitor.

    There you are, the world’s first monitor exploit.

  15. It reads…

    Date Reported:
    November 17, 2005

    Vendor:
    Apple

    Description:
    A remotely exploitable flaw exists that allows arbitrary code to be executed in the context of the logged in user.

    Severity:
    High (Remote Code Execution)

    Software Affected:
    Various Apple iTunes versions

    Operating Systems Affected:
    All Microsoft Operatins Systems

    Status:
    Initial report stage

    —> Am I missing the one that says Mac OSX? Did they revise their bullshite statement? Did somebody misquote them? Did they check the dictionary to speel Operating (Operatins) correctly.
