Text Size

Apple closes iTunes security hole, disables PyMusique

updated 06:15 pm EST, Mon March 21, 2005

Apple disables PyMusique

Apple has access to the iTunes Music Store as well as purchase song stripped of any copy-protection. Released last week, PyMusique provided an alternative interface to the iTunes Music Store: it allowed users to register at the store, purchase music, and download songs (multiple times) without the playback restrictions associated with Apple's FairPlay DRM. Apple said it closed the security hole that opened a "backdoor" into the iTunes system, allowing PyMusique access to the software, according to ZDNet. Some iTunes customers--as many as 15 percent of users--would need to upgrade their software. "The security hole in the iTunes Music Store which was recently exploited has been closed, and as a consequence the iTunes Music Store will now sell music only to customers using iTunes version 4.7."

 
Previous Comments

Hu!

03/21, 06:40pm reply

Who didn't see that coming?

history1me

Mac Elite

Joined: Sep 2003

0

it will get hacked again

03/21, 06:51pm reply

It will get hacked again in a couple weeks and the cycle of it getting hacked, then apple fixing it will continue.

dole

Forum Regular

Joined: Dec 2002

0

That was fast....

03/21, 07:03pm reply

I'm sure the music a-holes weren't too happy.

Eriamjh

Addicted to MacNN

Joined: Oct 2001

0

Only Problem...

03/21, 09:26pm reply

The sad thing is that the hack only boldens the RIAA position on on-line sales, ect. Their response will be to try and tighten it up even more. I know there are those that want/will hack DRM. But I wish they would leave the ones that are reseaonable alone. iTunes isn't the greatest DRM but it's the best of the alternatives. A business is never going to say, "gee they don't like the DRM let's just give the stuff away"

IonCable

Mac Enthusiast

Joined: Apr 2001

0

Depends on the fix...

03/21, 10:07pm reply

If Apple fixed it by doing the encoding on the server instead of in iTunes, then they can't break it again because there's no longer any encryption step to bypass.

They can still decrypt it themselves, by winkling the key out of iTunes or the iTMS, but this particular hole *can* be closed.

resuna

Fresh-Faced Recruit

Joined: Jan 2005

0

Re: Depends

03/21, 10:17pm reply

If Apple fixed it by doing the encoding on the server instead of in iTunes, then they can't break it again because there's no longer any encryption step to bypass.

Not necessarily. If they had updated iTunes 4.7 to communicate securely with the iTunes server (making sure some key is passed/encoded correctly) before sending the file, to make sure the client is a valid client.

LouZer

Fresh-Faced Recruit

Joined: Nov 2000

0

oh well

03/21, 11:42pm reply

darn it, I guess now if you want DRM free music, you'll have to go to one of the other thousand places that offer that.

don't get me wrong, in this case, I think apple is very much in the right to close down this security hole...hey look, their engineers fixed something....I'm kind of shocked, why didn't they leave the security hole in place, and just put kids in jail until people were too afraid to use it.

whats the fun in just fixing the leak..I mean hole.

Jonathan-Tanya

Fresh-Faced Recruit

Joined: Oct 2004

0

thank you hackers

03/22, 04:19am reply

obviously the hole was fixed by apple before the hackers exploited it - iTunes 4.7 was released long before the exploit.

all that apple did was to switch it on and make iTunes < 4.7 incompatible. also apple removed to "load again" feature.

so after all all the hack did for us was that we have to update iTunes

Wutzo

Fresh-Faced Recruit

Joined: Apr 2002

0

Apple to crackers

03/22, 09:09am reply

"NEXT!"

denim

Mac Elite

Joined: Jun 2000

0

Ethereal

03/22, 09:11am reply

Just use Ethereal to sniff out the traffic while you download from iTunes. Piece the file back together, and you will have one that has DRM (in iTunes), and one that is DRM Free...

bgmccollum

Forum Regular

Joined: Sep 2002

0

Popular News