James Delahunty
20 Nov 2005 20:33
A security flaw has been discovered in some versions of Apple's iTunes software that could allow an attacker to take over a remote computer, according to a warning issued by eEye Digital Security. The flaw existed on earlier versions of iTunes 6 for the Windows operating system and was not addressed by the latest security update issued by Apple. So far it seems to only affect iTunes software on the Windows operating system, but the firm is still researching how the flaw could affect iTunes running on a Mac.
iTunes 6 and previous versions are affected by the flaw according to the product manager at eEye, Steve Manzuik. The flaw could allow an attacker to rub arbitrary code on a remote system if a user clicked on a malicious website link or opened a malicious email. "iTunes is widespread, so there is a large exploit base," Manzuik said. Apple didn't comment on the flaw however, as it is company policy to not discuss or confirm security flaws until an investigation has been conducted and patches have been issued.
Source:
News.com