
September 22nd, 2009

Critical iTunes flaw exposes Mac, Windows to hacker attacks

Posted by Ryan Naraine @ 7:09 pm

Categories: Apple, Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Exploit code, Hackers, Malware, Patch Watch, Pen testing, Phishing, Responsible disclosure, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research

Tags: Hacker Attack, Apple Macintosh, Flaw, Arbitrary Code Execution, Apple iTunes, iTunes Flaw, Microsoft Windows, Apple Mac OS X, Apple Mac OS, Desktops

Apple has shipped iTunes 9.0.1 to fix a critical security hole that puts Mac and Windows users at risk of computer takeover attacks.

The vulnerability could be used by hackers to launch code execution attacks via booby-trapped “.pls” files, Apple warned in an advisory.

The skinny:

  • Impact:  Opening a maliciously crafted .pls file may lead to an unexpected application termination or arbitrary code execution
  • Description:  A buffer overflow exists in the handling of .pls files. Opening a maliciously crafted .pls file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.

The update is available for Mac OS X v10.4.11 or later, Mac OS X Server v10.4.11 or later, Windows XP, Vista and Windows 7.
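As an added illustration of the "improved bounds checking" Apple describes (this is not Apple's code, and the advisory does not say which field overflowed), the C sketch below parses the common `FileN=`/`TitleN=` lines of a .pls playlist into fixed-size buffers and rejects any value or index that would not fit. The names `pls_parse`, `pls_entry`, `copy_bounded` and the 256-byte cap are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#define PLS_MAX_VALUE 256 /* assumed per-field cap, not a value from the advisory */
struct pls_entry { char file[PLS_MAX_VALUE]; char title[PLS_MAX_VALUE]; };

/* Copy len bytes into dst only if they fit together with the NUL. */
static int copy_bounded(char *dst, size_t cap, const char *v, size_t len) {
    if (len >= cap) return -1; /* reject; never write past dst */
    memcpy(dst, v, len);
    dst[len] = '\0';
    return 0;
}

/* Parse FileN=/TitleN= lines from n bytes into out[max]. Returns the highest
 * entry index seen, or -1 on an oversized value or a bad index. */
int pls_parse(const char *text, size_t n, struct pls_entry *out, size_t max) {
    const char *p = text, *end = text + n;
    int count = 0;
    memset(out, 0, max * sizeof *out);
    while (p < end) {
        const char *eol = memchr(p, '\n', (size_t)(end - p));
        const char *stop = eol ? eol : end, *next = eol ? eol + 1 : end;
        if (stop > p && stop[-1] == '\r') stop--;
        const char *eq = memchr(p, '=', (size_t)(stop - p));
        size_t klen = (stop - p > 5 && !memcmp(p, "Title", 5)) ? 5
                    : (stop - p > 4 && !memcmp(p, "File", 4)) ? 4 : 0;
        if (eq && klen) {
            size_t idx = 0;
            for (const char *d = p + klen; d < eq; d++) {
                if (*d < '0' || *d > '9') return -1;
                idx = idx * 10 + (size_t)(*d - '0');
                if (idx > max) return -1; /* index must address out[] */
            }
            if (idx == 0) return -1; /* "File=" and "File0=" are invalid */
            char *dst = klen == 4 ? out[idx - 1].file : out[idx - 1].title;
            if (copy_bounded(dst, PLS_MAX_VALUE, eq + 1, (size_t)(stop - eq - 1))) return -1;
            if ((int)idx > count) count = (int)idx;
        }
        p = next;
    }
    return count;
}

/* Constructed sample input, not a real playlist. */
static const char SAMPLE[] = "[playlist]\r\nFile1=http://example.invalid/a.mp3\r\n"
                             "Title1=Demo\r\nNumberOfEntries=1\r\n";
int main(void) {
    struct pls_entry e[4];
    int n = pls_parse(SAMPLE, sizeof SAMPLE - 1, e, 4);
    printf("entries=%d file1=%s\n", n, n > 0 ? e[0].file : "(rejected)");
    return n < 0;
}
```

The parser fails closed: an overlong field rejects the whole playlist rather than being truncated, so a malformed file never reaches later code in a partially parsed state.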

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.


