Zero Day

Ryan Naraine and Dancho Danchev

Apple patches 13 iTunes security holes

September 2, 2010, 8:38am PDT

Summary: The vulnerabilities expose Windows users to remote code execution attacks via maliciously crafted Web sites.

Apple has shipped a new version of its iTunes media player to fix 13 security flaws that could be exploited to launch attacks against Windows machines.

The patches in the new iTunes 10 cover vulnerabilities in WebKit, the open-source web browser engine. The WebKit vulnerabilities, already patched in Safari, expose Windows users to remote code execution attacks via maliciously crafted Web sites.

The iTunes 10 update is available for Windows 7, Windows Vista and Windows XP SP2 or later.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a security evangelist. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Talkback Most Recent of 16 Talkback(s)

  • RE: Apple patches 13 iTunes security holes
    iTunes should be renamed to iBloat..
    Rahul Mulchandani
    2nd Sep 2010
  • iCrashyCrashy
    @Rahul Mulchandani
    My first sync with iTunes 10 and iPhone worked well, second one crashed. Apple should stick to designing hardware because most of their software is really and truly terrible.
    NonZealot
    2nd Sep 2010
  • RE: Apple patches 13 iTunes security holes
    @NonZealot
    Sorry to hear about your crash, for you I am sure it was frustrating. Hey, look at the crash in a positive manner, it provided you the opportunity to dispense a negative Apple vent. happy

    A while after I installed iTunes 10 I saw on my iPhone there was a app update, the update performed well. Then a short time later another app update was available, again all went well. On my system iTunes 10 does not have any problems.

    As for your statement, "...because most of their software is really and truly terrible...", sounds so pedestrian, be specific with your comments. What programs what feature sets are so terrible to you or, does a program feature set not fit your needs thus you are sour?

    For me there are programs from other vendors I do not like however, I would not be so crass to say about those vendors "...most of their software is really and truly terrible...". Making that comment others would see it as a childish, irresponsible and, stupid remark.

    Again, sorry to hear about your crash with iTunes 10.
    BubbaJones_
    2nd Sep 2010
  • Subjectively and objectively, Apple software is very low quality
    What programs what feature sets are so terrible to you or, does a program feature set not fit your needs thus you are sour?

    I'm reminded of the parallel between OS X zealots who complain that most Windows users haven't used OS X but most OS X users have used Windows, therefore OS X users are better able to compare the 2 products. Likewise, most people who have used Zune software have used iTunes but very few people who have used iTunes have actually used any other media manager. Zune is light years ahead of iTunes which even Apple has tacitly admitted by stealing yet another feature from Zune: Ping.

    However, Apple does have a bigger problem with the software QA. For me personally, OS X crashed non stop and I was very happy to stop that little experiment after a month. It isn't just me though. Apple was recently recognized as having the most security vulnerabilities in their products than any other software vendor in the world:
    http://www.zdnet.com/blog/security/report-apple-had-the-most-vulnerabilities-throughout-2005-2010/6801
    That is about as objective as it gets.

    Again, sorry to hear about your crash with iTunes 10.

    iTunes is the only part of the iPhone that I'm not enjoying. Too bad that iTunes has to sully what is otherwise a fine product. sad
    NonZealot
    2nd Sep 2010
  • RE: Apple patches 13 iTunes security holes
    @NonZealot
    Yes, I enjoy OS X much more than Windows; used to do both phone and desk side support and, network support for Windows well familiar with MS from DOS 3.1 through XP.

    Myself and my friends are not having the crashes you are having. So, again sorry it was happening to you but, I think it may be something with your system.

    My system is an older iMac running 10.5.8, does not qualify for Snow Leopard, wife on her laptop uses Tiger it does not qualify for Leopard. We have not had any crashes. Neighbors, friends and business associates are not having crashes. That is why I am saying something in error with your system; not you.

    Thank you for the link yes, I have seen that. It is curious to me that though their charts portray things we do not read about OS X break ins, bots, virus, trojans, worms, drive by infestations as we do with other OSes. Though there have been proof of concept, there are few if any in the wild.

    All that is moot as in your situation Mac did not work for you. I too remember back in the day I did not like Mac OS even quite often refusing to consider it. However, giving it another go I was very impressed, kept my Windows PC along side of the Mac. Then about eight years ago I went all Mac; we here are most pleased. Many friends neighbors and business associates have switched, according to them they wish they had switched earlier.

    Computers are a tool nothing else. Though I do not enjoy working with another OS I refuse to belittle, berate, condemn and the like, the other OS. They may not work for me but, they do work quite well for others.
    BubbaJones_
    2nd Sep 2010
  • RE: Apple patches 13 iTunes security holes
    @Rahul Mulchandani
    Anyone can complain and, find fault it does not take talent to do that.

    As any program from any vendor grows and matures it acquires more whistles and bells; that is life with software. If you can produce a lean mean iTunes then please do, maybe the world will beat a path to your door as well.

    Suggestion, send feedback to Apple with specifics how they can reduce "bloat" in iTunes. Maybe they will take what you say making iTunes better for all of us. If you choose not do that then please do not use ZDNet to vent your spleen; your comment is not helpful for anyone.
    BubbaJones_
    2nd Sep 2010
  • There is a simple solution to the iTunes problem
    It's called "Add/Remove Programs". I remove iTunes on sight, and in every case the computer runs far better once all of the Apple iCrap is removed.

    My advice? Dump the iToys and get devices from companies that don't trash your computer.
    itpro_z
    2nd Sep 2010
  • RE: Apple patches 13 iTunes security holes
    @itpro_z - Unfortunately, iTunes has a few great things about it, despite its bugginess/useless code. You can play & search music in iTunes with very few clicks and the UI is extremely neat.

    Try using WMP12, it takes a 1000 clicks to achieve anything!
    Rahul Mulchandani
    2nd Sep 2010
  • Isn't that always the way with Apple?
    @Rahul Mulchandani

    Yes, Apple produces very pretty and easy to use products (both hardware and software), but underneath it is a different story. Despite the premium price, most of their hardware is mediocre at best, and their software sacrifices functionality for simplicity. Simple is nice and has its place, but when a program like iTunes trashes a computer's performance, stability, and security (perhaps intentionally, considering how Apple feels about Windows) then it has no place on my machines.
    itpro_z
    2nd Sep 2010
  • 120 million people
    disagree with you.
    frgough
    2nd Sep 2010
  • By your rationale, Vista was fantastic!!
    @frgough

    Cue the double standards...
    NonZealot
    2nd Sep 2010
  • RE: Apple patches 13 iTunes security holes
    13 vulnerabilities in just a music player? That is ridiculous! Let's see a better headline like "Mammoth patches dropped on iTunes to fix mammoth vulnerabilities!!1!"
    Loverock Davidson
    2nd Sep 2010
  • Just needed to make your presence known?
    @Loverock Davidson
    To fix vulnerabilities many times your favorite OS had over 13 updates. That is the way software works, vendors do their best, someone finds flaws. Oh-well.

    As you would say "it is now patched nothing to see here move on".
    BubbaJones_
    2nd Sep 2010
