Apple bitten by iTunes security bugs

Musical chairs

Security researchers have discovered four critical vulnerabilities involving Apple's QuickTime media player software and the download application for Apple's iTunes music store. The flaws create a means for hackers to take control of affected systems, according to eEye Digital Security, the firm that discovered the bugs.

All four security issues are exploitable via iTunes. Because of the popularity of Apple's iPod among office workers many businesses, as well as consumers, are potentially exposed to attack. The cross platform flaw affects Windows 2000, Windows XP and Apple Mac OS X systems running vulnerable versions of iTunes. Fortunately Apple has released a fix. Users are urged to update to QuickTime 7.0.4. More info on the flaws can be found in a series of advisories by eEye Digital Security (here, here, here, here). ®