Apple's iTunes 8.1 plugs malicious podcast security hole

Apple on Thursday released iTunes 8.1, which includes a fix for a vulnerability that could lead to theft of usernames and passwords if a podcast containing malware were subscribed to.

The software update addresses a design issue in the iTunes podcast feature that made it possible for a subscription to a malicious podcast to cause an authentication dialog to be displayed that could prompt the user for log-in credentials to the podcast server, Apple's advisory said.

The issue affects Mac OS X v 10.4.10 and later. The issue was reported by Simon Bellwood.

iTunes 8.1 also fixes a vulnerability that could allow maliciously crafted Digital Audio Access Protocol messages to cause a denial of service on computers running Windows XP or Vista. Fortinet's Fortiguard Global Security Research team is credited with discovering this bug.

This article was first published as a blog post on CNET News.

Talkback 0 comments

• Regional Web & Security Integration Engineer
• IT Risk and Compliance Manager SDLC / CBD / $
• VicePresident, Risk & Compliance (European Funds Giant)
• VP Global Risk & Compliance (6 yrs exp) Hong Kong
• Compliance, Risk & Security Manager

TechGuides

Use shades of gray to enhance scale in Excel

Excel's palette is generous, but don't throw buckets of pigment all over your spreadsheets just because you can.

Read more »

Latest from Blog Central

Ultimate 2012 recovery site: the moon

Read more »

Cutting-edge technology from premium sponsors

Adaptive Threat Management

High Performance Security for your Distributed Enterprise

Achieve lower TCO, agility, risk mitigation, compliance, and productivity

Webcast series: Cybercrime is a growth industry - is your organisation prepared?

More resources to optimize the security of your enterprise »

Brought to you by:

 

 

 

More Tech Showcases:

Juniper Networks

Hitachi Eco-Products