apple news/media reports
03/13/2006, 11:25am, EST
Monday, March 13th
New security issue in iTunes, QuickTime
Apple has reported a new security vulnerability affecting iTunes and QuickTime, which could lead to code being run on the system, according to PC Pro. "The integer overflow and heap-based buffer overflow vulnerability affects both the Mac OS X and Windows versions of QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2. An attacker who successfully exploited the flaw would be able to run code in the context of the logged in user. Most Windows users have admin accounts for day to day use with much greater privileges than Mac users, whose user accounts have limited rights and permissions." The report says that security company eEye Digital describes the flaw as "high" in terms of severity and that Apple has yet to issue any patches for the affected software. Both are listed on the security research firm's website: EEYEB-20060307a and EEYEB-20060307b. [updated: direct links to flaws added]
Filed under: Apple

This is APPLE who has reported the vulnerability. And, really, I would think that the actual underlying message here is "UPDATE to the current versions of iTunes and QuickTime." Whether you want to believe it or not, there really are lazy people (both Mac and PC users alike) who simply have NOT updated. Apparently, those of us posting here are already in the clear since we have the current versions installed.
I see no valid reason to bitch at the messenger. If you want to bitch, then do so at Apple.
Another thing on this. I guess all the whiners on this board have nothing better to do than download/install iTunes updates and post messages. But most people get tired of installing a newer version of iTunes every other week (it's worse than MS updates!)
And if you read the release notes, all they said was that 6.0.4 improved reliability with Front Row. And I'd hazard a guess that most people don't use the over-hyped Front Row, so why would someone waste the time to download and reboot?