All the latest UK technology news, reviews and analysis
|
|
|
17 Jan 2005
Code that allows hackers to exploit a vulnerability in Apple's iTunes software has appeared over the weekend.
The code was posted on the Bugtraq mailing list by someone known only as 'Nemo', and acknowledges the help of three friends 'andrewg', 'mercy' and 'core'. The code is designed purely as a proof of concept and contains no virus or Trojan payload.
"Here is some code to exploit the vulnerability. It will generate a *.pls file which, when opened with iTunes 4.7, will bind a shell on port 4444," said 'Nemo' in the message.
Early versions of iTunes are vulnerable to hackers who can build malicious playlist files which crash the application. Code can then be inserted, either to spread a virus or allow the attacker to take control of the host PC.
The latest version, iTunes 4.7.1, is not affected by the vulnerability and can be downloaded from Apple's website here.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Principal Development Engineer Lead- London - Smart TV...
Development Engineer - London - Smart TV, Gaming, Tablets...
Principal Development Engineer - London - Smart TV, Gaming...
Test Engineer -London - Smart TV, Gaming, Tablets, PC...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?