Network News

X My Profile
View More Activity

Apple Issues ITunes Security Update

Apple has pushed out another update to fix a security hole in its popular iTunes application that the company says attackers could use to break into or seize control over affected machines just by getting the user to play a specially crafted music file.

Vulnerability tracking company Secunia has rated this a "highly critical" threat. New versions are available for both Mac and Windows users at this link.

ITunes has made the SANS Institute's Top 20 Most Critical Internet Security Vulnerabilties list several times running, and if the past is any teacher, it is probably a good bet that exploit code will soon be made available for this flaw. So if you use iTunes, download this update.

Apple also rejiggered a patch installer that it released earlier this week to update certain Mac OS X systems to version 10.4.7. Apple said it was reissuing the installer because several key files were missing from the original patch.

The company notes: "Only the package that upgrades a Mac OS X v10.4.6 (Intel) system to Mac OS X v10.4.7 (Intel) is being changed. All other Mac OS X v10.4.7 install packages remain unchanged. The change being made to the install package does not affect the security fixes provided in the package."

By Brian Krebs  |  June 30, 2006; 9:06 AM ET
Categories:  New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Microsoft Reissues Anti-Piracy Tool, Lawyers Sue
Next: Exploit Out for Newly-Patched Mac OS X Flaw

Comments

Hi,

This has nothing to do with this article, but can you please do a security study for linux? It would be useful to do so for say, Fedora and Ubuntu, two of the most popularly used freely available open source linux OS. Maybe you could also take a look at SELinux which ships with Fedora?

Thanks,
Ron

Posted by: Ron | June 30, 2006 10:51 AM | Report abuse

This article is obviously a mistake. Apple products do not have security flaws. /sarcasm.

Posted by: Chris | June 30, 2006 11:04 AM | Report abuse

Odd how we never see an article about security fixes being issued for Windows machines. Either (a) they never need them or (b) they need them several times a day which would make it not particularly newsworthy.

Posted by: Judge C. Crater | June 30, 2006 1:02 PM | Report abuse

iTunes runs on both Windows and Mac. Normally when you find a vulnerability in this type of software it is for multiple operating systems. Of course Windows has been the top choice when exploits are developed but the gap will likely close a bit. Someone who knew what they were doing could probably develop a nasty exploit that would infect both Mac and Windows. I think I read something about that in the last few months. Can't remember where.

In any event, computer security will not be boring anytime soon!

Posted by: blast3r | June 30, 2006 3:03 PM | Report abuse

If I remember correctly, Apple has bundled iTunes with Quicktime, so probably a lot of people have iTunes but may not even realize it, if they downloaded Quicktime, or an update to Quicktime. It's possible to uninstall iTunes after installing iTunes + Quicktime.

Posted by: Michael | June 30, 2006 3:58 PM | Report abuse

I know of aMacBookPro that was disabled because of the original 10.4.7 update. You can read about it here: http://cleverhack.com/2006/06/28/os-x-update-1047-fouls-macbookpro/

The only way to get the machine back up prior to the patch was to reinstall the operating system. Glad to see Apple fixed the issue.

Posted by: joy | June 30, 2006 7:21 PM | Report abuse

Apple presumes that their systems can never be compromised. After many calls to their customer service dept. and even a visit to their so-called genius (who said there is no way possible that an Apple can have a trojan) we were forced to return their lovely imac. The companies attititude is "Deny, never admit that there may be an infection or compromised system to a consumer." The machine was clearly compromised. All administrative rights were taken away, there were multiple partitions that could not be formatted, and no, we did not download bootcamp. The logs indicated numerous security breaches; I even found a "no_proof_log" on the system, their customer service said that was "normal". Additionally, on every boot there were "java boot exception errors" and keyboard and mouse would freeze whenever you would try to set your vault; so forget about being able to set it. I was told again, that this was "normal" Logs also read "dirty window" on desktop. Is that enough reason to suspect? Not according to Apple. We did ask if we could have the non-intel machine, but they said that if we did that there would be no customer support for that machine. Well, after a month of their "all is okay" despite the fact I could not use the machine, we gladly returned their immune system. After all, if it's not a virus or hacker; then I guess its just a hardware issue. As for the patches, I was told by the Apple Sales rep in Mission Viejo that it was preventative measure discovered by Apple engineers (he should read their own site). The so-genius at the Irvine location flat out denied that there were any patches or vulnerabilites with any Apple's and stated that there were no security issues in 6 years. He would not help me based on my concerns. "If you have a mac, you dont need antivirus or a firewall" we were told by one sales rep. In their attempts to squash any traces of evidence of a compromised system, they deny, cover up and lie. The good news-Apples Antivirus is better than Norton. It works like this, Exchange for a New Machine or get your money back. With a policy like that I guess they were right, you dont need any other antivirus.

Posted by: Apples Antivirus | July 1, 2006 2:17 PM | Report abuse

Apple presumes that their systems can never be compromised. After many calls to their customer service dept. and even a visit to their so-called genius (who said there is no way possible that an Apple can have a trojan) we were forced to return their lovely imac. The companies attititude is "Deny, never admit that there may be an infection or compromised system to a consumer." The machine was clearly compromised. All administrative rights were taken away, there were multiple partitions that could not be formatted, and no, we did not download bootcamp. The logs indicated numerous security breaches; I even found a "no_proof_log" on the system, their customer service said that was "normal". Additionally, on every boot there were "java boot exception errors" and keyboard and mouse would freeze whenever you would try to set your vault; so forget about being able to set it. I was told again, that this was "normal" Logs also read "dirty window" on desktop. Is that enough reason to suspect? Not according to Apple. We did ask if we could have the non-intel machine, but they said that if we did that there would be no customer support for that machine. Well, after a month of their "all is okay" despite the fact I could not use the machine, we gladly returned their immune system. After all, if it's not a virus or hacker; then I guess its just a hardware issue. As for the patches, I was told by the Apple Sales rep in Mission Viejo that it was preventative measure discovered by Apple engineers (he should read their own site). The so-genius at the Irvine location flat out denied that there were any patches or vulnerabilites with any Apple's and stated that there were no security issues in 6 years. He would not help me based on my concerns. "If you have a mac, you dont need antivirus or a firewall" we were told by one sales rep. In their attempts to squash any traces of evidence of a compromised system, they deny, cover up and lie. The good news-Apples Antivirus is better than Norton. It works like this, Exchange for a New Machine or get your money back. With a policy like that I guess they were right, you dont need any other antivirus.

Posted by: Apples-Antivirus | July 1, 2006 2:22 PM | Report abuse

Hmm... a major corporation that is not trustworthy? I've never heard *that* one before!

Apple's support indeed leaves a lot to be desired. I hear nightmare stories about the geniuses all the time. Still, I have needed their support only ONCE in over 10 years of owning Mac machines (and that was for a logic board replacement in the old G3 iBook, which is a known issue).

Apple's "we're the best" rhetoric is going to bite them on the a** as the vulnerabilities are exposed. But I think a reasonable observer still must conclude that MacOSX is, on balance, safer than WinXP (if only in the sense that a glass house is more weather-resistant than a cardboard one). Also easier to use.

James

Posted by: James | July 3, 2006 11:00 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company