MUST READ: Congress demands answers from Google over Glass privacy concerns

Topic: Apple

Apple slaps another security band-aid on iTunes

Summary: Apple patches 79 gaping security holes in the iTunes for Windows software.

Ryan Naraine

By for Zero Day |

Apple has shipped iTunes 10.5 to fix mountains of security problems that expose Windows users to dangerous hacker attacks.

The security patch, available for Windows 7, Windows Vista and Windows XP SP2, fixes a total of 79 documented vulnerabilities.  The most serious of these flaws could allow remote code execution attacks via booby-trapped image or movie files.

The bulk of the vulnerabilities affect the open-source WebKit rendering engine that powers the iTunes Store and iTunes LP.

Details on the vulnerabilities can be found in this Apple security advisory.

iTunes 10.5 is being distributed via the Windows software update utility.  Alternatively, it can be downloaded directly from the iTunes web page.

Topics: Apple, Hardware, Mobility, Operating Systems, Security, Software, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

43 comments
Log in or register to join the discussion

  • RE: Apple slaps another security band-aid on iTunes

    What are the criteria for a security hole to be "gaping" ?
    forrestgump2000@...
    Reply Vote

    • RE: Apple slaps another security band-aid on iTunes

      @forrestgump2000@... It needs to be mentioned in a ZDNet Security blog posting. "iTunes haunted by gaping holes; Apple slaps on megapatch bandaid"

      Something like "iTunes 10.5 released; patches security holes" would never suffice.
      PB_z
      Reply Vote

    • RE: Apple slaps another security band-aid on iTunes

      @forrestgump2000@... any security hole reported on ZDNET is gaping. And how they come to it being a band-aid is beyond me, are they view the code to see if it is a band-aid or if it is fixing the problem. And this isn't just related to Apple and iTunes but also for any patch. Adobe seems to patch "Gaping holes" in flash every other week it seems.
      Snooki_smoosh_smoosh
      Reply Vote

    • RE: Apple slaps another security band-aid on iTunes

      @forrestgump2000@...
      I wonder too! A company notifies users that is an issue with its software and issues an update to fix the problem. Someone please explain why they should be condemed rather than applauded?? Aaiiee!!
      eargasm
      Reply Vote

    • RE: Apple slaps another security band-aid on iTunes

      LOL @All of the Above :D, it's called "<a href="http://en.wikipedia.org/wiki/Yellow_journalism"><b><i>Yellow Journalism</i></b></a>"
      MrElectrifyer
      Reply Vote

    • &quot;Gaping&quot; flaw

      @forrestgump2000@... A security hole is "gaping" if it is obvious enough that a normal level of QC ought to find it, OR if it remains unpatched for very long after detection. Whether or not these seventy-nine issues were as big a deal as they're being made out to be, I can't say.
      SenorAlejandro
      Reply Vote

    • dsfsdf

      Stuffed Animals Audio Video Equipment http://www.chinawholesaletown.com/wholesale-Pure-Cotton-Compressed/ Kitchenware
      Wholesale Clocks Wholesale T-Shirts http://www.chinawholesaletown.com/wholesale-Carabiner/ Calendar
      Inflatable Products Wholesale Keychain http://www.chinawholesaletown.com/wholesale-Scarf/ iPod iPhone
      Wholesale Gift Bags Voice Recorder http://www.chinawholesaletown.com/wholesale-Bracelet---Bangle/ Promotional Products
      Wholesale Belt Wholesale Pen http://www.chinawholesaletown.com/wholesale-Lunch-Box/ Health Care Products
      Solar Products Lady Beauty Care http://www.chinawholesaletown.com/wholesale-Mouse-Pad/ Mat
      Wholesale Kitchenware Wholesale Tag http://www.chinawholesaletown.com/wholesale-First-Aid-Kit/ Cards
      Computer Accessories Wholesale Ashtray http://www.chinawholesaletown.com/wholesale-Muslim-Products/ Silicone Products
      Wholesale Cap Wholesale Frisbee http://www.chinawholesaletown.com/wholesale-Glass/ USB Products
      Wholesale Watch Wholesale Poncho http://www.chinawholesaletown.com/wholesale-Lighter/ Cup
      Wholesale Ruler Valentine Gifts http://www.chinawholesaletown.com/wholesale-Hair-Products/ Crystal Gifts
      Safety Products Patient Care Products http://www.chinawholesaletown.com/wholesale-Money-Bank/ Sport Support Products
      Gift Box Beauty Equipment http://www.chinawholesaletown.com/wholesale-Belt/ Tie
      Safety Suppliers Wholesale Shoe http://www.chinawholesaletown.com/wholesale-Stress-Ball/ Magnifier
      Pen Holder Wholesale Clothes Rack http://www.chinawholesaletown.com/wholesale-iPod---iPhone/ Flag
      Wholesale Thermometer Poncho Raincoat http://www.chinawholesaletown.com/wholesale-Coaster/ Vocal Concert Products
      Promotional Items Wholesale Swimming Products http://www.chinawholesaletown.com/wholesale-Clap-Hands/ Flash Gift
      Mouse Pad Wholesale Thermometer http://www.chinawholesaletown.com/wholesale-World-Cup-Horn-Vuvuzela/ Home Appliances
      Wholesale Cup Wholesale First Aid Kit http://www.chinawholesaletown.com/wholesale-Safety/ Bottle Opener
      Voice Recorder Wholesale Kitchenware http://www.chinawholesaletown.com/wholesale-Mat/ Cleaner Products
      Consumer Electronics Cleaner Products http://www.chinawholesaletown.com/wholesale-Sport-Support/ Bag
      Wholesale Glove Recorder Pen http://www.chinawholesaletown.com/wholesale-Pedometer/ CD Holde
      Wedding Favors Wholesale iPod iPhone http://www.chinawholesaletown.com/wholesale-Earphone/ T-Shirts
      Wholesale Mug Wholesale Mat http://www.chinawholesaletown.com/wholesale-Shoes/ Toys
      Wholesale Binoculars Wholesale Mirror http://www.chinawholesaletown.com/wholesale-Vase/ Promotional Gifts
      Wholesale Calculator Wholesale Album http://www.chinawholesaletown.com/wholesale-Vocal-Concert-Products/ Shoe
      Coin Bank Photo Frame http://www.chinawholesaletown.com/wholesale-Garden-Decorations/ Gift Box
      Photo Frame Pet Supplies http://www.chinawholesaletown.com/wholesale-Hardware-Tools/ Compass
      Wholesale Magnifier Gift Box http://www.chinawholesaletown.com/wholesale-Tape-Measure/ Golf Products
      Wholesale Scissors Arts Crafts http://www.chinawholesaletown.com/wholesale-Reflective-Safety-Vest/ Safety Suppliers
      Wholesale Pom Poms Lighting Products http://www.chinawholesaletown.com/wholesale-Magnifier/ Mp3
      Industrial Supplies Wholesale Cap http://www.chinawholesaletown.com/wholesale-Voice-Recorder/ Business Gift
      Wholesale Bookmark Safety Products http://www.chinawholesaletown.com/wholesale-Mirror/ Pen
      Wholesale Tableware Vocal Concert Products http://www.chinawholesaletown.com/wholesale-Bracelet---Bangle/ Lighting Products
      Wholesale Clothes Rack Wholesale Carabiner http://www.chinawholesaletown.com/wholesale-TelePhone/ Industrial Supplies
      Sport Support Products Wholesale Towel http://www.chinawholesaletown.com/wholesale-Gift-Bags/ Stress Ball
      Men Beauty Care Safety Suppliers http://www.chinawholesaletown.com/wholesale-Men-Beauty-Care/ Safety Products
      jywhy888
      Reply Vote

  • RE: Apple slaps another security band-aid on iTunes

    Look what these guys do for a living ... write about nothing and try to make it sound worth reading.
    Stix2002
    Reply Vote

    • RE: Apple slaps another security band-aid on iTunes

      @Stix2002 ... yet you read it all the way through to the end and even the comments... one can only wonder what you do for a living...
      riveroad
      Reply Vote

  • RE: Apple slaps another security band-aid on iTunes

    iTunes 10.5 also introduces iCloud (I suppose there's a separate article about that?).
    sip01
    Reply Vote

  • Finally! Apple no longer has Safari checked by default.

    Or did this happen in another update and I just missed it?
    ye
    Reply Vote

    • RE: Apple slaps another security band-aid on iTunes

      @ye LOL :D, seems like you missed it cause I never had safari checked by default during <b>ANY</b> update since early 2010 :|
      MrElectrifyer
      Reply Vote

      • While I can't say for certain when it stopped being checked by default I...

        @MrElectrifyer: ...can say I know it's been checked after early 2010. Maybe toddybottom is on to something.
        ye
        Reply Vote

    • Apple seems to turn it on and off at random

      @ye
      On my computer, it is on by default sometimes and off by default sometimes. I haven't figured out the pattern.

      The only sure thing is to be vigilant and always check. I always choose to not install Safari. I don't want it on my system.
      toddybottom
      Reply Vote

  • RE: Apple slaps another security band-aid on iTunes

    Agreed, there's a lot more to the iTunes update than security patches. And it seems the same security issues don't exist in the Mac version of iTunes, which suggests there is something about Windows that multiplies security problems. At a minimum, such problems are not the fault of third-party software developers alone. But, of course, it's too much to expect CNET to report the whole story. If only they were the sole "news" outlet to maintain such mediocre standards of journalism. Sadly, they are remarkable only for the fact that they are not remarkable.
    thewhitedog
    Reply Vote

    • They did. If you read the details you'll see...

      @thewhitedog: [i]And it seems the same security issues don't exist in the Mac version of iTunes, which suggests there is something about Windows that multiplies security problems.[/i]

      ...statements along the following:

      "For OS X Lion systems, this issue is addressed in OS X Lion v10.7.2. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2011-006."

      When will people wise up and understand there is nothing inherent in Windows which makes it any more susceptible to vulnerabilities?
      ye
      Reply Vote

      • RE: Apple slaps another security band-aid on iTunes

        [i]When will people wise up and understand there is nothing inherent in Windows which makes it any more susceptible to vulnerabilities?[/i]

        When the other ones catch up and have millions of other exploits that Windows has.

        We might all be old & dead by then. ;)
        ScorpioBlue
        Reply Vote

      • RE: Apple slaps another security band-aid on iTunes

        @ye Never gonna happen dude, as technology grows exponentialy, the growth of noobs follows along :p

        Until we manage to develop some knowledge photocopying device, we won't be able to teach every noob out there the basics of man-made technology; "<b><i>Nothing made by man is indestructable by man</i></b>" :|
        MrElectrifyer
        Reply Vote

      • K olbe

        Start teaching...

        lol...
        ScorpioBlue
        Reply Vote

    • RE: Apple slaps another security band-aid on iTunes

      @thewhitedog <br><br>LOL, it's Windows' fault that iTunes has security holes. And magically, those same security holes disappear as soon as Apple patches iTunes.<br><br>Absolutely classic! Folks, you can't makes this stuff up.<br><br>No seriously, are there actually people out there that are that clueless? Apparently there are...
      Qbt
      Reply Vote
CNET Join | Log In | Privacy | Cookies Close