Apple slaps another security band-aid on iTunes

Apple slaps another security band-aid on iTunes

Summary: Apple patches 79 gaping security holes in the iTunes for Windows software.

SHARE:

Apple has shipped iTunes 10.5 to fix mountains of security problems that expose Windows users to dangerous hacker attacks.

The security patch, available for Windows 7, Windows Vista and Windows XP SP2, fixes a total of 79 documented vulnerabilities.  The most serious of these flaws could allow remote code execution attacks via booby-trapped image or movie files.

The bulk of the vulnerabilities affect the open-source WebKit rendering engine that powers the iTunes Store and iTunes LP.

Details on the vulnerabilities can be found in this Apple security advisory.

iTunes 10.5 is being distributed via the Windows software update utility.  Alternatively, it can be downloaded directly from the iTunes web page.

Topics: Apple, Hardware, Mobility, Operating Systems, Security, Software, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

42 comments
Log in or register to join the discussion
  • RE: Apple slaps another security band-aid on iTunes

    What are the criteria for a security hole to be "gaping" ?
    forrestgump2000@...
    • RE: Apple slaps another security band-aid on iTunes

      @forrestgump2000@... It needs to be mentioned in a ZDNet Security blog posting. "iTunes haunted by gaping holes; Apple slaps on megapatch bandaid"

      Something like "iTunes 10.5 released; patches security holes" would never suffice.
      PB_z
    • RE: Apple slaps another security band-aid on iTunes

      @forrestgump2000@... any security hole reported on ZDNET is gaping. And how they come to it being a band-aid is beyond me, are they view the code to see if it is a band-aid or if it is fixing the problem. And this isn't just related to Apple and iTunes but also for any patch. Adobe seems to patch "Gaping holes" in flash every other week it seems.
      Snooki_smoosh_smoosh
    • RE: Apple slaps another security band-aid on iTunes

      @forrestgump2000@...
      I wonder too! A company notifies users that is an issue with its software and issues an update to fix the problem. Someone please explain why they should be condemed rather than applauded?? Aaiiee!!
      eargasm
    • RE: Apple slaps another security band-aid on iTunes

      LOL @All of the Above :D, it's called "<a href="http://en.wikipedia.org/wiki/Yellow_journalism"><b><i>Yellow Journalism</i></b></a>"
      MrElectrifyer
    • &quot;Gaping&quot; flaw

      @forrestgump2000@... A security hole is "gaping" if it is obvious enough that a normal level of QC ought to find it, OR if it remains unpatched for very long after detection. Whether or not these seventy-nine issues were as big a deal as they're being made out to be, I can't say.
      SenorAlejandro
  • RE: Apple slaps another security band-aid on iTunes

    Look what these guys do for a living ... write about nothing and try to make it sound worth reading.
    Stix2002
    • RE: Apple slaps another security band-aid on iTunes

      @Stix2002 ... yet you read it all the way through to the end and even the comments... one can only wonder what you do for a living...
      riveroad
  • RE: Apple slaps another security band-aid on iTunes

    iTunes 10.5 also introduces iCloud (I suppose there's a separate article about that?).
    sip01
  • Finally! Apple no longer has Safari checked by default.

    Or did this happen in another update and I just missed it?
    ye
    • RE: Apple slaps another security band-aid on iTunes

      @ye LOL :D, seems like you missed it cause I never had safari checked by default during <b>ANY</b> update since early 2010 :|
      MrElectrifyer
      • While I can't say for certain when it stopped being checked by default I...

        @MrElectrifyer: ...can say I know it's been checked after early 2010. Maybe toddybottom is on to something.
        ye
    • Apple seems to turn it on and off at random

      @ye
      On my computer, it is on by default sometimes and off by default sometimes. I haven't figured out the pattern.

      The only sure thing is to be vigilant and always check. I always choose to not install Safari. I don't want it on my system.
      toddybottom
  • RE: Apple slaps another security band-aid on iTunes

    Agreed, there's a lot more to the iTunes update than security patches. And it seems the same security issues don't exist in the Mac version of iTunes, which suggests there is something about Windows that multiplies security problems. At a minimum, such problems are not the fault of third-party software developers alone. But, of course, it's too much to expect CNET to report the whole story. If only they were the sole "news" outlet to maintain such mediocre standards of journalism. Sadly, they are remarkable only for the fact that they are not remarkable.
    thewhitedog
    • They did. If you read the details you'll see...

      @thewhitedog: [i]And it seems the same security issues don't exist in the Mac version of iTunes, which suggests there is something about Windows that multiplies security problems.[/i]

      ...statements along the following:

      "For OS X Lion systems, this issue is addressed in OS X Lion v10.7.2. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2011-006."

      When will people wise up and understand there is nothing inherent in Windows which makes it any more susceptible to vulnerabilities?
      ye
      • RE: Apple slaps another security band-aid on iTunes

        [i]When will people wise up and understand there is nothing inherent in Windows which makes it any more susceptible to vulnerabilities?[/i]

        When the other ones catch up and have millions of other exploits that Windows has.

        We might all be old & dead by then. ;)
        ScorpioBlue
      • RE: Apple slaps another security band-aid on iTunes

        @ye Never gonna happen dude, as technology grows exponentialy, the growth of noobs follows along :p

        Until we manage to develop some knowledge photocopying device, we won't be able to teach every noob out there the basics of man-made technology; "<b><i>Nothing made by man is indestructable by man</i></b>" :|
        MrElectrifyer
      • K olbe

        Start teaching...

        lol...
        ScorpioBlue
    • RE: Apple slaps another security band-aid on iTunes

      @thewhitedog <br><br>LOL, it's Windows' fault that iTunes has security holes. And magically, those same security holes disappear as soon as Apple patches iTunes.<br><br>Absolutely classic! Folks, you can't makes this stuff up.<br><br>No seriously, are there actually people out there that are that clueless? Apparently there are...
      Qbt
    • RE: Apple slaps another security band-aid on iTunes

      @thewhitedog

      And what fantasy world do you live in? They wrote it, it is their issue. I would love it if they dropped iTunes for Windows then I could uninstall that crap from my wife's laptop and tell her NO!!!, it is out of date and no longer supported. Let the whining commence.
      hopp64