Feeds

Apple fans besieged by iPhone Trojan and iTunes attack

iExploits

Boost IT visibility and business value

Apple fans are under attack on multiple fronts.

Security researchers have discovered an unpatched vulnerability in Apple's iTunes and QuickTime software that creates an opportunity to crash browser applications. The flaw might also open up a route to inject hostile code onto vulnerable systems, though this remains unproven.

Exploitation of the flaw in either case involves tricking surfers into opening a maliciously constructed QuickTime tag contained on a web page or embedded in an MP3 and video clip file. Security clearing house US CERT rates the buffer overflow-based flaw - which affects Apple QuickTime 7.5.5 and iTunes 8.0 - as a high risk bug.

Apple posted an update for QuickTime addressing earlier bugs only last week. The consumer electronic giant is yet to respond to the latest security flap involving its iTunes software, following the publication of an alert by US CERT on Thursday.

In other Apple-related security news, miscreants have disguised a Windows Trojan as a game for the Apple iPhone. The malware appears as an attachment in spam emails doing the rounds that appear with subject lines such as "Virtual iPhone games!" and "Apple: The most popular game!". Windows users credulous enough to open the infected attachment 'Penguin.Panic.zip' will end up loading the Agent-HNY Trojan onto their systems.

The malware has no effect when opened on either a Mac or Jesus Phone, as explained in a write-up of the attack of a Sophos security blog here. ®

The Essential Guide to IT Transformation

More from The Register

next story
Scotland's BIG question: Will independence cost me my broadband?
They can take our lives, but they'll never take our SPECTRUM
Bring back error correction, say Danish 'net boffins
We don't need no steenkin' TCP/IP retransmission and the congestion it causes
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
NBN Co adds apartments to FTTP rollout
Commercial trial locations to go live in September
Samsung Z Tizen OS mobe is post-phoned – this time for good?
Russian launch for Sammy's non-droid knocked back
Telstra to KILL 2G network by end of 2016
GSM now stands for Grave-Seeking-Mobile network
Seeking LTE expert to insert small cells into BT customers' places
Is this the first step to a FON-a-like 4G network?
What FTC lawsuit? T-Mobile US touts 10GB, $100 family-of-4 plan
Folks 'could use that money for more important things' says CEO Legere
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.