By Dawn Kawamoto, 18 November 2005 16:00
NEWS
A critical vulnerability has been found in some versions of Apple's popular iTunes that could allow attackers to remotely take over a user's computer, according to a warning issued on Thursday by a security research firm.
The discovery of this latest flaw comes days after Apple issued its iTunes 6 for Windows security update.
The latest iTunes flaw, however, runs on all operating systems from Windows XP to Mac OS X, according to a security warning issued by eEye Digital Security.
This flaw allows malicious hackers to launch arbitrary code remotely, which in turn can take control of a user's computer.
Although an Apple spokesman was not immediately available for comment, the company has a policy of not discussing or confirming security issues until it has conducted an investigation and issued any needed patches, according to Apple's posting on its site. eEye, meanwhile, does not provide extensive details on the flaws it finds until a vendor releases a patch to resolve the security flaw.
When Apple released its iTunes 6 for Windows security patch earlier this week, it was designed to prevent the wrong helper application from launching. The helper program searches multiple system paths to figure out which program to run but the flaw could allow an attacker to create a way for an alternate program to be initiated by iTunes.
Dawn Kawamoto writes for CNET News.com
In order to post a comment you need to be registered and logged in.
Log in or create your silicon.com account below