2006-07-01

iTunes Security Risk

I started my Apple iTunes running on Windows and got a dialog box saying I should upgrade to iTunes 6.0.5. I looked around the Internet to see what new cool features I would be getting. To my surprise I found that it was a security upgrade and that I run the risk of having my computer taken over by a malicious hacker if I have an older version of iTunes running.

What happened to the myth that Apple Software was hack proof?

According to News.com

Separately on Thursday, Apple put out iTunes 6.0.5, an update that it said fixes a security problem that could be used in a denial-of-service attack or let an intruder run code on vulnerable systems.

"The AAC file parsing code in iTunes versions prior to 6.0.5 contains an integer overflow vulnerability," the company said on its security Web site. "Parsing a maliciously-crafted AAC file could cause iTunes to terminate or potentially execute arbitrary code. iTunes 6.0.5 addresses this issue by improving the validation checks used when loading AAC files."

The iTunes vulnerability affects Mac OS X versions 10.2.8 or later and Microsoft Windows XP and 2000, Apple said.


To upgrade, all you need to do is start your iTunes and ok the dialog box that asks you to upgrade.

3 comments:

  1. lool

    i got the upgrade msg and i just clicked cancel

    ops

    ReplyDelete
  2. "What happened to the myth that Apple Software was hack proof?"

    Apple isn't hack proof but it's proven to be much more secure than Microsoft's software. Rule of thumb: Whatever system you use, update as often as you can.

    ReplyDelete
  3. thanks i downloaded the new version

    ReplyDelete