[ISN] Hacker threat to Apple's iTunes
InfoSec News
isn at c4i.org
Wed Jan 19 02:54:49 EST 2005
http://news.bbc.co.uk/1/hi/technology/4184887.stm
18 January, 2005
Users of Apple's music jukebox iTunes need to update the software to
avoid a potential security threat.
Hackers can build malicious playlist files which could crash the
program and let them seize control of the computer by inserting Trojan
code.
A new version of iTunes is now available from the Apple website which
solves the problem.
Security firm iDefence, which notified users of the problem,
recommended that users upgrade to iTunes version 4.7.1.
The problem affects all users of iTunes - Windows and Mac OS - running
versions 4.7 and earlier.
Users can automatically upgrade iTunes by opening the "look for
updates" window in the program.
The security firm says users should avoid clicking on or accessing
playlist files - which have the file extension of .pls or .m3u - which
have come from unknown sources.
Itunes is the world's most popular online music store with more than
200 million songs downloaded since it launched in 2003.
More information about the ISN
mailing list