Code that allows hackers to exploit a vulnerability in Apple's iTunes software has appeared over the weekend.
The code was posted on the Bugtraq mailing list by someone known only as 'Nemo', and acknowledges the help of three friends 'andrewg', 'mercy' and 'core'. The code is designed purely as a proof of concept and contains no virus or Trojan payload.
"Here is some code to exploit the vulnerability. It will generate a *.pls file which, when opened with iTunes 4.7, will bind a shell on port 4444," said 'Nemo' in the message.
Early versions of iTunes are vulnerable to hackers who can build malicious playlist files which crash the application. Code can then be inserted, either to spread a virus or allow the attacker to take control of the host PC.
The latest version, iTunes 4.7.1, is not affected by the vulnerability and can be downloaded from Apple's website here.
Kicking Palantir off of AWS is among their demands, too
Rafaela Vasquez was watching The Voice at the time of the crash, new evidence shows
PUBG price slashed on Steam after selling more than 50 million copies - as daily player numbers plunge
Use the same password for every website? It might be time to change them all