A critical vulnerability has been found in some versions of Apple's popular iTunes that could allow attackers to remotely take over a user's computer, according to a warning issued Thursday by a security research firm.
The discovery of this latest flaw comes days after Apple issued its iTunes 6 for Windows security update. The latest iTunes flaw, however, runs on all operating systems from Windows XP to Mac OS X, according to a security warning issued by eEye Digital Security. This flaw allows malicious hackers to launch arbitrary code remotely, which in turn can take control of a user's computer.
News source: C|Net News.com
The discovery of this latest flaw comes days after Apple issued its iTunes 6 for Windows security update. The latest iTunes flaw, however, runs on all operating systems from Windows XP to Mac OS X, according to a security warning issued by eEye Digital Security. This flaw allows malicious hackers to launch arbitrary code remotely, which in turn can take control of a user's computer.
To all you Xbox holders...will you be rushing to the stores to get your copy of HL:2?
-Enan Hawk

"Protection: Blink Endpoint Vulnerability Prevention mitigates any potential exploitation of this vulnerability, without requiring a patch or invasive firewall actions."
Blink is, of course, made by eEye. So the solution to a problem we've found, that isn't even very well explained, is to buy our product so you are protected!
I smell a troll.
Did you miss that sentence?
So no, so far this is not a Mac OS X problem. They are still trying to determine that.
Are we then going to argue that its a Microsoft problem? I sure hope not.
It does not appear to affect OS X because of differing OS design.
Because of this, it’s the sole responsibility of developers to secure their code; it wasn't viewed by Microsoft that software should be considered dangerous, as an example.
Furthermore, Windows XP has the ability to use limited-user rights (Power Users), its not used by default. This has changed and will be seen in Windows Vista.
parithon, it is indeed the responsibility of the developers of applications to secure their code but it is also the responsibility of OS developers to do the same.
I don't buy the suggestion that XP was designed in an era of less hacks and exploits. Windows NT 3.x-4.x and 2000 where targets of various viruses and worms long before XP was out of beta. I was an official beta tester of XP. Windows 9x was most definately being targeted as well.
When XP was in development, they already had a significant precedent and they should have designed XP with a limited administrator account.
Vista will have a limited administrator account which will have to authenticate temporarily to perform "Root" maintenance tasks. This feature has been present in OS X and linux for years in the form of the "sudo" command.
THANK YOU! Someone finally said it.
Which is why I don't buy the whole non hacker issue before XP. UNIX itself was built with "Root" access for a reason.
Even if that was true it doesn't change the fact that the flaw is in Apple code. Some have made the point that XP is at fault because it defaults everyone to Admin, which is partly true. But, a hacker taking over a limited account can still cause a lot of problems, they could access to delete any data that user has access to (ie, all your files!).
It's a different world today, users are more ready than ever to deal with extra steps to install or use their OS in the face of security.
So does this mean it can't really do much damage if you aren't running as root?
Last edited by 11680 on 19 Nov 2005 - 20:19
Just Kidding, but I think they're real arse holes for telling you no other way to fix this problem other than to buy their product that probally sucks.
It wasn't meant to spark any flaming discussion. Just to quietly address why I thought it was funny in a few words for those who would get it. Maybe I was to vague.
*Note: I am by no means an Apple fanboy. I just think Apple allows their developers to write more secure code as a result of the OS design.
Last edited by 11680 on 20 Nov 2005 - 20:07
Let's keep this civil
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.