informa
/
1 MIN READ
News

Apple iTunes, QuickTime Face Flaws

On Tuesday, Apple released a security update to iTunes 6 for Windows; the bug reported by eEye, however, wasn't addressed in that fix.
Just days after Apple Computer updated the Windows version of its popular iTunes software, a security firm warned that a new critical vulnerability in the program could let attackers grab control of PCs and Macs.

According to an alert posted Thursday by eEye Digital Security, a "remotely exploitable flaw exists that allows arbitrary code to be executed in the context of the logged in user." The security vendor traditionally doesn't provide details on vulnerabilities it discovers until the affected vendor produces a patch.

On Tuesday, Apple released a security update to iTunes 6 for Windows; the bug reported by eEye, however, wasn't addressed in that fix.

Also on Thursday, eEye warned of a similarly-critical bug in various versions of Apple's QuickTime media player on both the Windows and Mac platforms. That vulnerability can also be exploited remotely, and might result in an attacker grabbing control of the victimized computer.

Apple's policy is not to confirm or comment on potential security problems until it has wrapped up its investigation and if necessary, created a fix for the flaw.

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing