Security warning issued for iTunes
19 January 2005
Code that allows hackers to exploit a vulnerability in Apple's iTunes software has reportedly surfaced.
The code, posted on the Bugtraq mailing list, is designed purely as a proof of concept and contains no virus or Trojan payload. The code was posted on the site under the name 'Nemo', and acknowledging the help of three friends, 'andrewg', 'mercy' and 'core', the
"Here is some code to exploit the vulnerability. It will generate a *.pls file which, when opened with iTunes 4.7, will bind a shell on port 4444," 'Nemo' wrote.
A warning has been issued to users of early versions of iTunes. Hackers can build malicious playlist files which crash the application and can then insert code, either to spread a virus or allow the attacker to take control of the host PC.
The latest version, iTunes 4.7.1, is not affected by the vulnerability and can be downloaded from Apple's website. Security firm iDefence, which notified users of the problem, recommended that users upgrade to iTunes version 4.7.1.
The security firm says users should avoid clicking on or accessing playlist files that have the file extension .pls or .m3u and have come from unknown sources.
iTunes is the world's most popular online music store and has seen more than 200 million songs downloaded since it launched in 2003.

