iTunes Bug Leaves Users Vulnerable To Hack

Danish security firm finds a "highly critical" vulnerability in iTunes software.
Just a day after Steve Jobs touted a new $99 iPod, a Danish security firm revealed that the iTunes software, which lets Mac and Windows users download purchased tracks to their computers, and thus to their iPods, has a "highly critical" vulnerability.

Security vendor Secunia on Tuesday warned that iTunes 4.x suffers from a vulnerability "caused due to a boundary error within the handling of .m3u and .pls playlists." The bug, said Secunia, can be exploited by a maliciously crafted playlist to cause a buffer overflow on the target computer, which could then let an attacker gain complete control of the machine.

"Successful exploitation may allow execution of arbitrary code," Secunia stated in its alert.

The solution, said Secunia, is to update to the newest version of the iTunes software, labeled 4.7.1, which was posted on the Apple site Tuesday.
