iTunes users at risk from hackers

Users of Apple's iTunes software need to upgrade immediately to avoid their computers being compromised, security experts have warned.

Hackers can build malicious playlist files which they can use to crash the application and seize control of the computer by inserting Trojan code, according to security firm iDefence. The rogue playlists can be identified by their unusually long URLs.

"The problem specifically exists when parsing playlist files that contain long URL file entries," warned iDefence in an advisory this morning.

"Malicious playlist files can come with either the .m3u or .pls extension. Although their formats are different, the vulnerability in each is the same."

The company advises users to upgrade to iTunes 4.7.1, which fixes the problem, and to avoid downloading playlists from unknown sources.