Feeds

Apple fans besieged by iPhone Trojan and iTunes attack

iExploits

Providing a secure and efficient Helpdesk

Apple fans are under attack on multiple fronts.

Security researchers have discovered an unpatched vulnerability in Apple's iTunes and QuickTime software that creates an opportunity to crash browser applications. The flaw might also open up a route to inject hostile code onto vulnerable systems, though this remains unproven.

Exploitation of the flaw in either case involves tricking surfers into opening a maliciously constructed QuickTime tag contained on a web page or embedded in an MP3 and video clip file. Security clearing house US CERT rates the buffer overflow-based flaw - which affects Apple QuickTime 7.5.5 and iTunes 8.0 - as a high risk bug.

Apple posted an update for QuickTime addressing earlier bugs only last week. The consumer electronic giant is yet to respond to the latest security flap involving its iTunes software, following the publication of an alert by US CERT on Thursday.

In other Apple-related security news, miscreants have disguised a Windows Trojan as a game for the Apple iPhone. The malware appears as an attachment in spam emails doing the rounds that appear with subject lines such as "Virtual iPhone games!" and "Apple: The most popular game!". Windows users credulous enough to open the infected attachment 'Penguin.Panic.zip' will end up loading the Agent-HNY Trojan onto their systems.

The malware has no effect when opened on either a Mac or Jesus Phone, as explained in a write-up of the attack of a Sophos security blog here. ®

Security for virtualized datacentres

More from The Register

next story
Same old iPad? NO. The new 'soft SIMs' are BIG NEWS
AppleSIM 'ware to allow quick switch of carriers
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Brits: Google, can you scrape 60k pages from web, pleeease
Hey, c'mon Choc Factory, it's our 'right to be forgotten'
Of COURSE Stephen Elop's to blame for Nokia woes, says author
'Google did have some unique propositions for Nokia'
It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE
By 'eck! Eccles cake production thrown into jeopardy
Mobile coverage on trains really is pants
You thought it was just *insert your provider here*, but now we have numbers
Don't mess with Texas ('cos it's getting Google Fiber and you're not)
A bit late, but company says 1Gbps Austin network almost ready to compete with AT&T
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.