Businessweek Archives

Security Vulnerability in iTunes


November 18, 2005

Arik Hesseldahl

How secure is the iTunes software that goes hand-in-hand with the iPod? Apparently there are some issues about which those who use iTunes on Windows should be concerned. Computer security firm eEye is working on publishing the details of a vulnerability that came to light Thursday. Details about the exact nature of the vulnerability are sketchy; eEye hasn’t gone into that level of detail as yet.

The vulnerability has come to light only a few days after another security firm, iDefense, found a vulnerability in iTunes version 5 running on Windows XP and Windows 2000. (The current version is 6.0.1.) That vulnerability, which has been fixed, concerns the way the program uses a helper application.

Marc Maiffret, eEye’s Chief Hacking Officer (how cool a title is that?), is one of the people who helped discover the Code Red worm in 2001. He tells me that Apple has confirmed receipt of the information on the vulnerability. But there’s no comment on the issue from Apple.

The firm describes the vulnerability as “a remotely exploitable flaw” that allows arbitrary code to be executed in the context of the logged-in user.

There was apparently also some confusion about whether iTunes on the Mac was affected. A story on Cnet, which initially said it was affected, was corrected about four hours after it was first published to say eEye was still testing to see if the Mac OS version is affected. Maiffret didn’t comment on that aspect.

Either way, Apple’s usually pretty good about issuing patches that fix these things. eEye says it won’t publish the exact details of the vulnerability until Apple issues a patch.

05:31 PM

iPod and iTunes

[…] details of the vulnerability are given but I notice that eEye (of course!) offers products to fix the "problem." I don't know about you, but I'm skeptical of anyone who tells me I'm sick then offers to sell me the cure...

Posted by: Don Andrews at November 19, 2005 12:00 PM
