“A critical vulnerability, found in some versions of Apple Computer’s popular iTunes, could enable attackers to remotely take over a user’s computer, according to a warning issued Thursday by a security research firm,” Dawn Kawamoto reports for CNET News. “The discovery of this flaw comes days after Apple issued its security update for iTunes 6 for Windows. This flaw existed on the earlier version of iTunes 6 for Windows and was not addressed by the newest security update, according to a warning issued by eEye Digital Security.”
“After eEye mistakenly posted a note on its Web site saying the iTunes flaw affected ‘all operating systems,’ the security firm updated its warning to indicate that the flaw had been found only on the Windows operating system so far,” Kawamoto reports. “However, eEye is now testing whether the flaw also affects iTunes running on Mac operating systems. Apple iTunes 6 for Windows, as well as the previous version, are affected by the flaw, said Steve Manzuik, product manager at eEye. The flaw enables malicious hackers to launch arbitrary code remotely, once a user clicks on a malicious Web site link or opens a malicious e-mail, Manzuik said.”
Full article here.
Advertisements: The New iPod with Video. The ultimate music + video experience on the go. From $299. Free shipping.
Connect iPod to your television set with the iPod AV Cable. Just $19.00.
Related articles:
Security flaw discovered in some Apple iTunes versions – November 18, 2005
Just like we thought. It’s a Windows vulnerability.
~M
First post! Now that the important stuff is out of the way, is this security flaw primarily a result of a) Window’s inherently lax security, b) the difficulties in developing apps for Windows due to their ugly way of doing things or (least likely) c) a genuine mistake by Apple, and would the Mac version have the same flaw?
Mozfan, damn you.
‘all operating systems’
They meant nearly all operating systems, of course, which are used by doofuses unprotected by rudementary anti-virus.
Sigh.
So there was a flaw in the security analyst’s report of a flaw in security for iTunes. Go figure.
Sentinel
Talk about tunnel vision. Did you really not see my post, or did it take you 20 minutes to type that?
~M
Even if Apple can fix it, and OS should not ALLOW a bug in an app to cause such havoc! The OS should be protected FROM iTunes.
But it’s not, so the ball is in Apple’s court.
They are testing whether the same flaw is found in OS X? Yeah, right. Way to save face. The SAME flaw in both OS’s? Ha.
I hope Apple keeps on the ball and plugs all of the vulnerabilities that come up pronto.
I posted this at the other thread, but I doubt the trolls will be back there…
“Wow, I go away for a few hours and what do I find upon my return?
A new MDN thread about how this is only a Windows issue and not a single peep from the trolls in the above thread.
In a way I feel sorry for y’all trolls. First you are stuck with Windows, then you can’t seem to see a better way. You spend all your time on a Mac news site (when you aren’t busy trying to clean the latest virus/trojan/adware/spyware crap off of an (sorry to point this out) egregiously ugly computer.
You sit back and pray to Uncle Bill to please let some of Windows POSness rub off on a Mac, any Mac, anywhere. Finally your big news comes in and you put down the joystick and Cheetos long enough to flame a bunch of Mac users who take a break from making out with hot women and creating greatness on the most stunningly attractive and capable computers ever made so they can point out how sad you are.
Within minutes these Mac-ists decimate your posts, laugh at you (or with you if it makes you feel better) and prove how pathetic your system is. All the while extending the hand of friendship and imploring you to try the better way.
Hours later all the proof is there in a headline fairly screaming that once again, it’s Windows that has the problem. That must suck.
Bad.
No wonder y’all are wound so tight.
If you don’t want to be happy, hang out at a Windows user forum (all those people are miserable last I checked) because we are pretty much enjoying life here in Mac-land. If you want to stay, don’t be surprised if you catch flack.
And don’t be surprised if you start wondering what it would be like to work on a Mac. We won’t tell anyone (we haven’t told about your iPod or your big poster of Steve photoshopped in next to Bill) and there might be hope for you yet.”
I get tired of being nice to people who come here just to flame us.
I am a Mac user and proud of it.
I am hard on these people because I was like them not too long ago (not that bad, I mean I can spell and stuff) and I made fun of Mac users, made fun of Macs, disparaged Steve (sorry, Steve) and generally made myself look bad.
Now that I know better, I can’t help but tell these people they are flat-out wrong. Like an ex-junkie who has no tolerance for the excuses of those still strung out, I’m the last person they should try to convince.
~M
According to a post on /. it is a pretty obscure flaw in iTunes that is unlikely to be compromised or used to compromise any machines
http://apple.slashdot.org/article.pl?sid=05/11/18/1626240&from=rss
well said, mozfan! especially the joystick/cheetos part. isn’t it funny how the windows elitists claim that games are why windows computers sell so massively? it’s the last thing they have superiority of over macs, and as such they make it sound like THAT is why everyone wants a windows computer! forget the fact that crappy commodity boxes are being forcefed to the masses, nah, it must be that geforce 7800gtx that grandma needs to check her email and chat with her bridge club. but in six months that video card will be teH sUxx0rz so granny needs to shell out another $400 or more to update that, and she needs to pony up another $x a month for norton crap (she doesn’t know anything about the freeware alternatives because the nice best buy kid didn’t mention them – surprise!)
ah, getting off on a tangent is really easy to do when you start talking about the flaws in the windows world.
MW: ill, as in, why can’t illnesses that windows PCs get be FATAL already?
Windows Sucks!
Yeah way to go Mozfan, it’s true us macheads do get to make out with all the hot women and of course actually make something with our computers instead of having to fight it before anything can be done with it.
You Windows apologists would feel a whole lot better when you make the switch to the Mac along with enjoying a much better love life that’ll turn your Windows using friends green with envy with that hot chick you’re dating, making out and enjoying life with.
Along with actually getting something ‘insanely great’ done with your Mac as well!
MW: ‘days’ as in a few days time once again you will have to clean out your computer of all that crap.
Guys,
I have been a PowerMac user for nearly 5 years now, but presently I am single.
Will someone please tell me which application or secret Finder commands I must use to score the HOT CHICKS??? Apparently, it’s the one thing I haven’t figured out, in spite of the fact that I am a high end user.
Pleeeeeeeeeeeease help!!!
If you don’t tell me the secret, I am going back to the girlfriendless world of Windows! (Naagh, just kiddin’).
MDN Word: “Order” as in … oh you get the picture
Well, Brad T, you either got it or you ain’t: money or technique – if you’ve got one you won’t need the other.
eEye is now testing whether the flaw also affects iTunes running on Mac operating systems.
…and it’s trying reaaallly hard to find something. That would qualify it for a special Microsoft contract worth $500,000 to do … er, some publicity work with CNot, ZDNot….
MW: “theory.”
Okay so Apple made iTunes so it screws up Windows computers…nothing wrong with that, right???
I mean Sony did the same basic thing – released a CD that exposes a Windows computer to vulnerabilities and look what´s happening to them.
Go Apple – bring down those Windows computers!!! Create opportunites for viruses and whatnot so they will switch to Apple Computers!!!!
Yay!!!
I mean if I was an Windows owner and found that Apple made some faulty software that is causing my computer to be exposed to evil viruses I would not think badly of them and their abilities.
Go Apple!
“The flaw enables malicious hackers to launch arbitrary code remotely, once a user clicks on a malicious Web site link or opens a malicious e-mail, Manzuik said.”
Once the user clicks on a malicious Web site or opens and email? And how is this a problem caused by iTunes?
To Brad;
My suggestion is to hang out at your local Apple Store.
The Genius Bar in NY is apparently a hot pick-up spot.
Here in South Florida our stores always have a few bee oo tee ful ladies.
http://homepage.mac.com/anim8me2/PhotoAlbum126.html
This was Panther night from a coupla years back, but there are always pretty ladies around.
Mozfan you are the man!
Is it even possible to write secure code to run on windblows?
MMW: “point”, what’s the point in trying?
Really: Are you serious? Man, your really, really strecthing it here. Sony’s XCP code was deleberate, it acts like virus software and hides deep inside a computer where it leaves the backdoor open for malicious hackers. They make it virtually impossible to get rid of.
What Apple did, is a bug. I’m sure it wasn’t intentional. And you know what, you can remove iTunes and your problem is solved! Gasp!
The big issue here is that Windows is sooooo easy to hack, wether intentionally or un-intentionally, that it’s just begining to look pathetic.
If you want to make an argument, compare Apples to Apples and quit trying to justify your swiss cheese of an operating system.
shipwithsails; “And how is this a problem caused by iTunes?”
Gee that´s a tough one shipwithsails – read First half of first sentence in article above:
“A critical vulnerability, found in some versions of Apple Computer’s popular iTunes,
Mozfan – great photos – go into Victoria´s Secret or any local grocery store – you get lots of photos of womens backs there, too!
Brad T,
If you are having trouble getting “hot chicks,” listen to Tom Leykis every day on the radio.
” width=”19″ height=”19″ alt=”grin” style=”border:0;” />
Go to BlowMeUpTom.com to see where on the dial he is playing. If he is not playing in your city, you can go to that same web site to listen live from the web.
Leykis 101 is a class, it will take time to learn all the tricks and avoid the pitfalls but it works!
After you get the girls, then you can show off your shinny new mac!
So Apple finally makes something that is vulnerable and it — only runs on Windows?!?!?
Sorry for the pause, I was on the floor dying from laughter!!!
When someone makes software for Windows that is NOT vulnerable, THAT will be worth a headline!