Original URL: http://www.reghardware.co.uk/2006/01/11/itunes_vulns/
Security researchers have discovered four critical vulnerabilities involving Apple's QuickTime media player software and the download application for Apple's iTunes music store. The flaws create a means for hackers to take control of affected systems, according to eEye Digital Security, the firm that discovered the bugs.
All four security issues are exploitable via iTunes. Because of the popularity of Apple's iPod among office workers, many businesses, as well as consumers, are potentially exposed to attack. The cross-platform flaws affect Windows 2000, Windows XP and Apple Mac OS X systems running vulnerable versions of iTunes. Fortunately, Apple has released a fix. Users are urged to update to QuickTime 7.0.4. More info on the flaws can be found in a series of advisories by eEye Digital Security (here (http://www.eeye.com/html/research/advisories/AD20060111a.html), here (http://www.eeye.com/html/research/advisories/AD20060111b.html), here (http://www.eeye.com/html/research/advisories/AD20060111c.html), here (http://www.eeye.com/html/research/advisories/AD20060111d.html)). ®