Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Hacker threat to Apple's iTunes

From: InfoSec News <isn () c4i org>
Date: Wed, 19 Jan 2005 01:54:49 -0600 (CST)
http://news.bbc.co.uk/1/hi/technology/4184887.stm

18 January, 2005

Users of Apple's music jukebox iTunes need to update the software to
avoid a potential security threat.

Hackers can build malicious playlist files which could crash the
program and let them seize control of the computer by inserting Trojan
code.

A new version of iTunes is now available from the Apple website which
solves the problem.

Security firm iDefence, which notified users of the problem,
recommended that users upgrade to iTunes version 4.7.1.

The problem affects all users of iTunes - Windows and Mac OS - running
versions 4.7 and earlier.

Users can automatically upgrade iTunes by opening the "look for
updates" window in the program.

The security firm says users should avoid clicking on or accessing
playlist files - which have the file extension of .pls or .m3u - which
have come from unknown sources.

Itunes is the world's most popular online music store with more than
200 million songs downloaded since it launched in 2003.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
Previous By Date Next
Previous By Thread Next

Current thread: