“A newly discovered flaw in iTunes and QuickTime could allow malicious users to compromise users’ systems, according to a new report. Security site Secunia says that a vulnerability in Apple’s QuickTime 7.03 player and iTunes 6.01.3 could be exploited by malicious users to cause a DoS (Denial of Service) attack. The site, however, says the ‘moderately critical’ vulnerability has an ‘unknown impact’ and was unable to confirm arbitrary code execution,” MacNN reports. “The site recommends that users not open .mov media files from untrusted sources to avoid exposing the flaw until Apple issues an update.”
Secunia: Versions Affected:
Apple Quicktime 7.0.3 on OS X 10.4.3
Apple iTunes 6.0.1 (3) on OSX 10.4.3
Apple Quicktime 7.0.3 on Win32
Apple iTunes 6.0.1 (3) on Win32
Advertisements:
• The New iPod with Video. The ultimate music & video experience on the go. From $299. Free shipping.
• Connect iPod to your television set with the iPod AV Cable. Just $19.00.
• The New iMac G5. Built-in camera and remote control. From $1299. Free shipping.
• Apple USB Modem. Easily connect to the Internet using your dial-up service. $49.00.
Related MacDailyNews articles:
Security flaw in Apple iTunes 6 affects Windows version – November 19, 2005
Think we’ll see updates that close these holes before they go on vacation?
don´t worry – us mac users are invulnerable to any outside interference. just the pc weenies who should be sweating it.
Secunia is reporting on a ‘moderately critical’ vulnerability that they don’t know is a problem (“unknown impact”) and that they can’t confirm can be exploited (“unable to confirm arbitrary code execution”).
Thanks for the warning.
Uh, give me a (*&(( break. That’s basically the warning that’s issued on ANY FILE from ANY untrusted source.
What? A flaw in iTunes and QuickTime?
“”The site recommends that users not open .mov media files from untrusted sources to avoid exposing the flaw until Apple issues an update.”
Rats. Now what am I going to do with all those videos from http://www.pinkworld.com?
And you’d a thought with all the publicity a hacker would get cracking in to a Mac, they’d have done it by now. So as the haven’t, can I assume that they can’t?
CRAPPLE SUCKS
Secunia Exec: “Run fer the hillz! Ya cain’t trust NOBODY!
” width=”19″ height=”19″ alt=”big surprise” style=”border:0;” /> “
Ya, right.
” width=”19″ height=”19″ alt=”hmmm” style=”border:0;” />
Here’s a warning:
During your life something bad might happen but you can prevent that by not doing things that will cause bad things to happen. However, at this time, we are unable to verify or deny this warning.
Must be sluggish sells of whatever crappy product Secunia owns.
MDNMW == “Closed” as in “You should keep your mouth that way if you don’t have anything good to say.”
Whew!!! Now I know its a flaw in iTunes. I thought something was wrong when I tried to play an Ashley Simpson tune. Good to know its iTunes and not her.
Do not worry. Local Leader Steve J is on this. This is all nothing more than another well-planned ruse to lure the pathetic Windows-using scum from hiding.
When the plan for world computer domination by Relnack is complete, all Windows ideologues will be vaporized the next time they launch a bat.sys file. Local Leader Steve J has foretold it.
And it . . . will . . . be . . . glorious!
Watch out! MDN’s deleting posts again!
anon,
MDN has turned into a PC Nazi thought control camp. If you say any thing negative about their pimp Steve it gets deleted. I think MDN is run by a bunch of fags.
Secunia is reporting on a ‘moderately critical’ vulnerability that they don’t know is a problem (“unknown impact”) and that they can’t confirm can be exploited (“unable to confirm arbitrary code execution”).
Is this a yellow, orange or red on the Secuna scale of bullshit alerts without any basis designed to drum up some web traffic?
$ymantec and these fskers issue these baseless, vague warnings the way regular companies issues press releases.
Wonder why they were “unable to confirm arbitrary code execution”? Suppose it has anything to do with the Mac’s inherent, built-in, Ft. Knox security? C’mon Secunia, make me send an email when I play your proof-of-concept .MOV.
iDon’t,
Ashley Simpson’s voice broke my iTunes. I think her voice is a virus. I would rather listen to 50Cent than that dumb ho. I do wonder what she looks like naked tho. I know that you are a lisbo freak, so do you have any good pics of her? Send them to our special meeting spot OK. You do look good on iSight too. How did you do that?
iDon’t — I’ve never had any of my posts “deleted”, you suckhole.
Maybe it’s your bad breath, you sexchange slut.
“Moderately critical” my ass.
Seems now Norton AntiVirus has a critical security flaw. What goes around…
iDon’t’s Ass said:
“iDon’t — I’ve never had any of my posts “deleted”, you suckhole.”
Maybe its because you say whatever MDN wants you to say. That is the sign of a true passive fag. I bet you play with dolls too. You can use foul language and it stays but say the least little thing negative about Pimp Daddy God on Earth Steve Jobs and the post is erased. I bet you would give old SJ a BJ if you had the chance.
“Maybe it’s your bad breath, you sexchange slut.”
I’m a virgin.
Just had my first shut down in 7 months, (other than restarts because of updates). This one was because of a power failure in the area.
NO viruses or that other MS stuff.
I’ve read this news and have thought about it — I’m going to sell all my Apple gear and get a Windows PC.
I just thought I’d say that to see what it felt like. It’s rather unpleasant, like when you feel like you’re going to throw up.
We now return you to OS X.
THis was a waste of webspace, posting thing dumb ass warning. post something when it’s confirmed, not before. Freaking Secunia.
the old I need attention post for more hits.
The sky is falling, the sky is falling, the sky is…
let me know when someone actually gets attacked by this flaw and then perhaps i might raise an eyebrow.
now.. back to my Frontrow movie
anon and iDon’t…go troll somewhere else. Your garbage is not wanted here.