toggle

AAPL Stock: 503 ( + 0.79 )

New security issue in iTunes, QuickTime

updated 11:25 am EST, Mon March 13, 2006

iTunes, QuickTime security


Apple has reported a new security vulnerability affecting iTunes and QuickTime, which could lead to code being run on the system, according PC Pro. "The integer overflow and heap-based buffer overflow vulnerability affects both the Mac OS X and Windows versions of QuickTime Player 7.0.3 and 7.0.4 and iTunesj 6.0.1 and 6.0.2. An attacker who successfully exploited the flaw would be able to run code in the context of the logged in user. Most Windows users have admin accounts for day to day use with much greater privileges than Mac users, whose user accounts have limited rights and permissions." The report says that Security company eEye Digital describes the flaw as "high" in terms of severity and that Apple has yet to issue any patches for the affected software. Both are listed on the security research firm's website: EEYEB-20060307a and EEYEB-20060307b. [updated: direct links to flaws added]


by MacNN Staff

print
email
(6)

TAGS :

 Apple

Related Articles

Recent Articles

toggle

Comments

  1. t_hah

    Mac Elite

    Joined: Dec 2000

    0
    03/13, 12:17pm | report spam | Reply |

    What it iTunesj?

    My iTunes is at version 6.0.4. What is iTunesj?

  1. jasong

    Mac Elite

    Joined: Mar 2000

    0
    03/13, 12:31pm | report spam | Reply |

    No Patch?

    Since iTunes is at 6.0.4 and this issue apparently doesn't affect 6.0.4, and iTunes is free, I would say that a patch _has_ been released.

  1. bgarlock

    Fresh-Faced Recruit

    Joined: Mar 2006

    0
    03/13, 12:38pm | report spam | Reply |

    RE: what is itunesj

    That is a typo (I would guess)

  1. ZinkDifferent

    Fresh-Faced Recruit

    Joined: Jan 2005

    0
    03/13, 12:56pm | report spam | Reply |

    Damn...!

    "We can't report any security flaws on Apple with current software, so let's point out how older versions have flaws, and let's call them critical. If people call us on it, let's just say that there's a risk of 'many' users running these older versions, that haven't upgraded yet..."

  1. JoeE

    Fresh-Faced Recruit

    Joined: Feb 2006

    0
    03/13, 10:39pm | report spam | Reply |

    For Pete's Sake...

    Apple has reported a new security vulnerability affecting iTunes and QuickTime...

    This is APPLE who has reported the vulnerability. And, really, I would think that the actual underlying message here is "UPDATE to the current versions of iTunes and QuickTime." Whether you want to believe it or not, there really are lazy people (both Mac and PC users alike) who simply have NOT updated. Apparently, those of us posting here are already in the clear since we have the current versions installed.

    I see no valid reason to b**** at the messenger. If you want to b****, then do so at Apple.

  1. LouZer

    Fresh-Faced Recruit

    Joined: Nov 2000

    0
    03/13, 11:56pm | report spam | Reply |

    Re: for pete's sake

    This is APPLE who has reported the vulnerability. And, really, I would think that the actual underlying message here is "UPDATE to the current versions of iTunes and QuickTime." Whether you want to believe it or not, there really are lazy people (both Mac and PC users alike) who simply have NOT updated. Apparently, those of us posting here are already in the clear since we have the current versions installed.

    Another thing on this. I guess all the whiners on this board have nothing better to do then download/install itunes updates and post messages. But most people get tired of installing a newer version of Itunes every other week (its worse then MS updates!)

    And if you read the release notes, all they said 6.0.4 improved reliabily with Front Row. And I'd hazard a guess that most people don't use the over-hyped Front Row, so why would someone waste the time to download and reboot.

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

10 Most Read

Recent Reviews

Powerbag Business Class Bag

Many companies currently offer battery packs and various accessories to keep smartphones and other gadgets charged when away from an o ...

Logitech Cube

The world of mice could often be described charitably as stagnant: it's an endless sea of ergonomic shapes that assume you're sitting ...

NewerTech and Targus USB Hubs For Gifts

A useful holiday present to resolve an ongoing frustration is a multi-port hub. Whether as a stocking stuffer, Chanukah present, or an ...

toggle

Most Commented

10 Most Discussed

 

Popular News