Apple - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Apple


Pair of Apple Products Leaves Sour Taste



 By: Ryan Naraine
2005-11-28
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Apple story.


Rate This Article:
Poor Best
Researchers at eEye Digital Security have taken a bite out of two popular Apple Computer Inc. products, flagging two critical vulnerabilities in the iTunes and QuickTime applications.

Researchers at eEye Digital Security have taken a bite out of two popular Apple Computer Inc. products, flagging two critical vulnerabilities in the iTunes and QuickTime applications.

The flaws, which put millions of Windows users at risk of code execution attacks, remain unpatched.

Steve Manzuik, security product manager on eEyes research team, said the newest version of iTunes, which was released by Apple earlier this month, contains the vulnerability.

Resource Library:

eEye, of Aliso Viejo, Calif., has posted two brief notices on its Web page for upcoming advisories warning that the flaws carry a "high risk" label.

"These vulnerabilities require that the user clicks on a link and launches a media file. But once theyre exploited, we can run pretty much any piece of malicious code on the box," Manzuik said.

eEye is still running tests against Apples Mac OS X operating system. As per policy, Apple, of Cupertino, Calif., does not comment on potential security vulnerabilities in its products until a fix is available.

Manzuik said Apple acknowledged receipt of the flaw reports, which included sample proof-of-concept exploit code. In all, eEye has flagged three separate code execution flaws in the two products.

The discoveries come just weeks after Apple released a fix for three gaping security holes in QuickTime.

Manzuik said all the vulnerabilities were discovered in the way the two software products execute certain files. "The class of flaw would be considered similar, but they are three separate issues," he said.

Manzuik said it is surprising—and disappointing—that users tend to ignore serious bugs in desktop applications such as digital media players. "Media player flaws always fly under the radar, but thats where the malicious hackers are looking for vulnerabilities," he said. "A lot of users can be tricked into opening files. These are very serious flaws."

Ryan Naraine is a senior writer for Ziff Davis Internet.





  Reader Comments: Pair of Apple Products Leaves Sour Taste
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Apple Articles          >>> More By Ryan Naraine
 


x}ks㶲*Q3CO#Mɖ<4Lj I)RQO/Oon|AI~LĶD th4I"nZΈ\̦d}胿O$w}k9UQ#3W)9bPS4mZΠN@\~}@^}fwD%x_'Щ=ѩ:€wɘZqPɈQۗ>}^~d .hrLIl/G5tuO`nZN<Q_ERNȏmm$oaX}:[Q=2pYBT!|DJ%h!!Qus?=~'fgB(ƻF {iZGd`vu=yͰ { /\1r.b,{{w4ɿTݑu:{R'-,v2M*-f:9z u v=r@J53' =K;O=kN]w=jP?B1 Α[w5-%uP\Oo:Y\u>..Ƀ-N6|'[ɿ0QT&*rpE4d™EUCdvה-^m^:CYf0ZhCA+tW?C{ˠjq{ּ}m_5;]rֹ!iŝyN4p'3 ZʟZv`KK'^C׉MXCyC0-ߕҡ#3\8?\OIN©,7{MytǷP[,r$BFrFT|Y|ěy30si2)߆I&@w[@k+UykQ 4+@_x0ND5kSfMr,eg{0@M)61p9k 3!RBʼۤ%/^(P%!P샖_.[ jF|*(If({΀/3A.r)#t 6=aL+^뻹(4l.k\'֛esJVt];7Eя0-*<ZާVt;W~lu-xX18,]evb`\\Է7J06_)Ab/*rkhc2ud8԰ 5٤6'4}t>჎$>hƋCr[n-rӇ{u4@ݣn]=&tfiXŞ+LPZi`IE 6]LR}>tqHhS0<zw0[[衟#j{t t,/{@`\@8)HpyY?g>o Wk6G~[>l03uJ@i0x1C7EУ$@!-i]R@Az6W? -,rr2 "azGBjK%6Os@PG҅;rjTD;7 KŔ=*%nqR%a 934YIjL=?j1!UG,D`v9J,L.h)lc ը˶V.hXi(Ps0 =#WV+%EUC`HLMq'3r`!mgf3o3p#Eq")22,Xh4Fl:Z7E^Ps} 0Ќ7_azaAz3&2W ٚMsGXL^͘;aL ¯u]'.јSQrVҳsMi _K%gYA3'|(@]4>+WUPÃ"`"+42[!! = \PȭT)w^IY䞅Tড়,H@fmd{Oq)f$ ,4tOݡ~P;?~uVkCT]۽h@r6ҁy4 m g@x dX{K/,è+AJK_ji tsaŰ,Bl6<:iМ^fdTRs4>t:>{j -j&{_&TY9?>2ei[F6oՒhcM;,WbzgܱK()mʥ ;u@4-=t`۱y:L|ф0ې t1J[Y*,b3)4j+zF of`׆ K ؈|ȁUraҝŅebiQ=k-);UC]HXa6nZ- V!0\(|pT30`-eO)]&ٰ\R ~j"yd\s˰e0Ȧ\Q݂+6E)'!5 cd]Xz@4`D pHE&A|Zkhp B@U.(L19r2b*X[PTB$&6t݁ĒbtXQ ]jsW.μ + '3E<&{HZeX}x%_(ƤOMqс,` ?+;+]>F]h!.~1X@P A6+8SӞ,jXXRO-x[zGcM! ,r޹m?ReW_1"Qeڟs;d跸@^5o8`Ȍ)Ĩ5UV *~mzoR.E׌u0ȀN{Wlȡ5Th8UnF* ϛ=G$1*@7Z ɦ~oV Ն'y6cIV`]z<->r7poj%śz_EnLsU-yFD3 =JTȭ>uO "BN7x^oxP@"ǣjZ)o ƗɘBÜObk>A֌M:kl30Uffyr;WKU05u 2 \zOtn6?[ vLB-sC dK&SsK]7a Z2Q&B8Jh-[r_A~V0u^Ac#ȫͦG0(j'#O7)~ }$DC9m^RXP]\HmP*jIIz$ :,h2Y+(#t+^}a mD<[ 1wʨXISW">wD<7Ϩ;b}Nb4PG }f q5ivėtO;~J\ZR1^Z`&1MqpuU4)$Eq~|hq\3)MF0SW5!xndLik-/ҹin8`LBX5c-ɅH'B faEq4fRxy_aݪ,d"0.&Wtr̃yE9ǀzB*lw/_i%$C[( `E/Щ c~HFrI'zRG>egi/PAN3Rt8|QrwۿPo1Mr!}K_cOߗfٿh<$]{pУXJqkf3\a~:)}B/-N9˝~LҼ"g Í76w jE p[ISB9kթ-ݱi'>eax!w m(q%՝b"f(BٺCO,,m&SsS)y" m$jRSfj# $_2 I,v+htlA׍ jÚ]e .i_~عm|d`=`l)Za"|)Nr >m\`e>%';yRb QגZ4ҫoeW!9 lj9l0`&09ϫb~]4zxXtgXu@ڎ'.snxwĎ+^@(NVp2k-x+[_Y.t0믾};9]#ޣd=tWcDP~zN` s o.(cǩm:{@D'rg ,Fu d3DoӼ4hApl3O7C]j~d_s1T7?_gpKw z >+-R!EkEwWUK O7ʢE'%:mחF}޿V5BĬhw4hTɁo !Ok O=pԲىƓy|yg>,d9a}40[ɱ=Ι2F'`-ݺܭ)“g$`GDA|ég涣A jm3Z0\k9f>V2OBc+YT^?1;hV6֊ v™)[ g?2 |kM-9&p$ qI7̼V&Q~2*kwOƥG/>qĨ`lox?r`f[|!rxV>'lh Q)k$b]QN0 04] t' u]ʒ6(P_Btl叺O纪$k̲Y ƘdAR}1gsWZ1!xS3<(1͙=˶ ;  O'oaI][@3%|,j&Ǡue".c[zw6QLLG\-Gd(΀,>S¡Z|L(P6Nr19pa6HȂҪ A b[! mC [ĭNN^>vO"P< flȎHPA]="DdnA&s˞xeڔX qpOVk,חzc=NݙmT{!uRX-e@Lyd}1*D@ % (A,Q3 .y!͘e`w1uFq=MY#U)chRK˙Wߠ)#&(`%nԞ/-sr#ʜzK?l@xGڛJՂvXR3xS@Dz,xC@KI؄8:t%l\ڠg&Sg> R7r} L'!ҒV)WFv&!~ 7COHD;^i|2,^ږŋe#=̚Ha  |z!¡IB(_s>ЭR{'H*)m\ÐY)0^9-38Ƕ-"yn!ZY3 1mǸs #,-hbCΗy*JTǡ kqb"Chڑ_xdt-U}2jΈz̻iɈ1 &I8gW$8,`DzpXk^z)B*y}WvaeIz>;_֜Jg/%al?g٠`&@a^ muHַ% :a];b~5-; Z—swpDXgMJ(.XnRtB*;Vio3{lSҀFl iIYT\Gv0_ >7B<.G%^T:TNQhq;K: Ќ=էVQ }wXvǮpA˕:-7nz`G0E&wau^lg/EאNsCܒ"D cNlt%z4;34#|WeޠYR=|˱{6w..ߨ S3 ̖xx[@5Lݭm3xaH 'w^$ZA_ݒ/,υ > 4SKesaWzkx6ڌqZod YTc黤#o2ORxݩk:^edJH;l7M |^\׆e0u҄Tٕ_֮RKҥR3<~5u:6w5y@UhxX05f^ <{{}7)"JqE  `Хw>Uq g=c KB1j 4cq5_+>51f (3063{D'&30m'ir} ![ V\[{Qֹ@cavfV"*AedK^`XH*.:&z3l [!^'|/g=2õ]w#E>2>.|00i_̯SX-lwuZ`1R"?+!l'?g^pU /zIϰOxP*|U7a0OV-e]ߥZoEx@9<u /yVm|I˱Na 0 HD/~Æ2mNuC.xM\"ūD04]qڿ9 Ϥpm:m/ Q/kzmXoT֔fr*A-[o*6௶eul:/R^ˊ̱-'?=@5>yrνko(@@q_ڳK۪_{Q}uⴖ`R2Rö뿓$yZ1n90,C$&Hm8:,^ oOtsپk6#QG?|@( xo}-^U;{Uu0Ǘڳv6 Iu>:-FY>PkݰPAgXt~D)n3DߣޕY?O0q_n׽y+C1qm Ga)lk2u@w|0_ "E3~`uxV=o0b)œp8~OjdˊvמQN|l:. :\G9c DQ\gz@R(kj hFEOA"6,y}y5F?Pxr7Nsq"96i[>['Ʈ$Jjad/|$ƽBty}`L2Ѝ;du9ꊚbMd@`A?bl\M'p.$XD Ň>&quQ%bHFpxAҲ&z(lsh*b4 B-'"5}L11%>% Zk^YR+ȈzaltOƌESj9椷 GTGRt=HU) & 0Z`7nh1|scs|#IM13bcCyml+=umc;bWglj+LxG8Ow| 􄼥޼vgO%Yձ{mh |Kxc۸K]lo mpyӓGV5U*5YDO)JhS\^Z#>=(sP="Z{4֑: bRI+-ݳ<6Rtav)q |-?v"AfӃstALr|w\׻9a@jSg& ^Rc"Wc -r29a i҉HZ۠[*н"%hP[۫u)0Z,Yqc[RJBYIc0 ":;M ̾FN099ݱLl@$)5,?^J m+Qc9ʇ1f=0TUtX³3_ňR>fD+9m {ixW EQxcLW<00t+P̲jNTxg4ٿ[!W=NlE dM, |UQ_|%w[ҥn,cMh75`(8NԗpA>po4xSPʕU+M\I5Qfـj#E~:td¤~^P_ԓ-= n2L8}͆h roEVIz# ,Ő2?ZEDt `P0\GmѾ WEkt*<>wg-d7`#oM}Ni3a0RRQ39$.+Ja  JvwKy[]/a]v c?g7,>-l  \Zs4a+ZUW9T %HU ?83)ĒF2*mGM=/7.nrj5-i`Ik„0'ld w,N餠) 0װX"h )&'8 'l/KDN1J \-uC@e=Dqzy 㣯u?H Dj/%N@3 "PV: / j1n Q&@Ĕv7UI8Fw0]ʅɃ~Vx}2=jcܕiZ5`-=5KޝR>ɖàZEQp#ߛSg0Y)غ9PRXX_1[> MꪂOJE$c$Dwh+ߺ#S/.fY#{8~oBOz%ruW0`A-'i92d2t\K=śISko;w}srֹ! rvjM\{o;urڹr־j]ߴzLG_ }e |Q)Xt 5Uš_mꌸ6W#\]drxixɎ>+azh,.6gtg(ڽ UjUzq7L&6lCFyvljŵv/N|veI5%uԦF h5zQ`1DrN.Mˊp4ħEG:W\=4[EEFG(Q Q~7Ow2ʑ{˛@f+Oח}2!>A\͌r_;i_eC?v3ʿ@">vˌ/3Y\f2?/?/3e*P93(ˌr߫ʐ+@;dN~kx:  7_/z?C?}P9g BmV9mBf_ryrָƅ)IFy)W?RErXB]eBy>++P/Үw2 : ?3/^}NV&/N3^a芪g-5nk ǸJuv ^_BKHe^#(48%Y}MNJ 4tk 7b[y@YAI{R}tEI>t𞫫i@Lw<-cENj).~QJxdB$h{U2gaOd_x=oND1KAF0wͣ}oL2f~<ĎrnOArr m>v=yU^p# Ⱦ(t^ӳOt p1Q.`=if`wƨ⾠&[c׾\a ˹ILE>&I'[VQ~c0uﰟcIg@gX3Wd]dA_d|bh6MxĹm&'מЄ2곋`9ao5RFXk;MA5ct:h}vפ3ܪ{PG1 hia)x<AESXNՂ[#rF31F#qyU YT8[A'Ҥvcw[/AI)H[aD.v۳VAxrFx D? T| 5Vj(tI`SxG16.M,~1'c.-s(ŬBSd=)O?7nG[nI 5E`r.ҀI^,T6y *>% /)i%:=-/p,Zf@6C|%Jox7>zQ[`kLu~v0q=Ķ2|R4MepvRv ?93_-rxgsg_(LOWvm:mmlP/>uOW]Q籺aJ׼t{%!Ү\)Vbʥ.Sܟ=Bbx҅fHP`y%K@ 4 78ǩk Vmx:jݾXg fkKTgwz*.u&e6r)* XGڦZ QaW~n`PSv<\JBS+$Ĥ{mh6