[ISN] Hacker threat to Apple's iTunes

From: InfoSec News (isn@private)
Date: Tue Jan 18 2005 - 23:54:49 PST


http://news.bbc.co.uk/1/hi/technology/4184887.stm

18 January, 2005

Users of Apple's music jukebox iTunes need to update the software to
avoid a potential security threat.

Hackers can build malicious playlist files which could crash the
program and let them seize control of the computer by inserting Trojan
code.

A new version of iTunes is now available from the Apple website which
solves the problem.

Security firm iDefence, which notified users of the problem,
recommended that users upgrade to iTunes version 4.7.1.

The problem affects all users of iTunes - Windows and Mac OS - running
versions 4.7 and earlier.

Users can automatically upgrade iTunes by opening the "look for
updates" window in the program.

The security firm says users should avoid clicking on or accessing
playlist files - which have the file extension of .pls or .m3u - which
have come from unknown sources.

Itunes is the world's most popular online music store with more than
200 million songs downloaded since it launched in 2003.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/



This archive was generated by hypermail 2.1.3 : Wed Jan 19 2005 - 01:21:06 PST