apple news/media reports

03/13/2006, 11:25am, EST

Monday, March 13th

New security issue in iTunes, QuickTime

Apple has reported a new security vulnerability affecting iTunes and QuickTime, which could lead to code being run on the system, according to PC Pro. "The integer overflow and heap-based buffer overflow vulnerability affects both the Mac OS X and Windows versions of QuickTime Player 7.0.3 and 7.0.4 and iTunesj 6.0.1 and 6.0.2. An attacker who successfully exploited the flaw would be able to run code in the context of the logged in user. Most Windows users have admin accounts for day to day use with much greater privileges than Mac users, whose user accounts have limited rights and permissions." The report says that security company eEye Digital describes the flaw as "high" in terms of severity and that Apple has yet to issue any patches for the affected software. Both are listed on the security research firm's website: EEYEB-20060307a and EEYEB-20060307b. [updated: direct links to flaws added]




6 comments
What is iTunesj?
0
03/13, 12:17pm, EST
My iTunes is at version 6.0.4. What is iTunesj?
Mac Elite
Joined Dec 2000
No Patch?
0
03/13, 12:31pm, EST
Since iTunes is at 6.0.4 and this issue apparently doesn't affect 6.0.4, and iTunes is free, I would say that a patch _has_ been released.
Mac Elite
Joined Mar 2000
RE: what is itunesj
0
03/13, 12:38pm, EST
That is a typo (I would guess)
Fresh-Faced Recruit
Joined Mar 2006
Damn...!
0
03/13, 12:56pm, EST
"We can't report any security flaws on Apple with current software, so let's point out how older versions have flaws, and let's call them critical. If people call us on it, let's just say that there's a risk of 'many' users running these older versions, that haven't upgraded yet..."
Fresh-Faced Recruit
Joined Jan 2005
For Pete's Sake...
0
03/13, 10:39pm, EST
Apple has reported a new security vulnerability affecting iTunes and QuickTime...

This is APPLE who has reported the vulnerability. And, really, I would think that the actual underlying message here is "UPDATE to the current versions of iTunes and QuickTime." Whether you want to believe it or not, there really are lazy people (both Mac and PC users alike) who simply have NOT updated. Apparently, those of us posting here are already in the clear since we have the current versions installed.

I see no valid reason to bitch at the messenger. If you want to bitch, then do so at Apple.
Fresh-Faced Recruit
Joined Feb 2006
Re: for pete's sake
0
03/13, 11:56pm, EST
This is APPLE who has reported the vulnerability. And, really, I would think that the actual underlying message here is "UPDATE to the current versions of iTunes and QuickTime." Whether you want to believe it or not, there really are lazy people (both Mac and PC users alike) who simply have NOT updated. Apparently, those of us posting here are already in the clear since we have the current versions installed.

Another thing on this. I guess all the whiners on this board have nothing better to do than download/install iTunes updates and post messages. But most people get tired of installing a newer version of iTunes every other week (it's worse than MS updates!)

And if you read the release notes, all they said was that 6.0.4 improved reliability with Front Row. And I'd hazard a guess that most people don't use the over-hyped Front Row, so why would someone waste the time to download and reboot?
Fresh-Faced Recruit
Joined Nov 2000