Apple bitten by iTunes security bugs

Status
Not open for further replies.

Osiris

Security researchers have discovered four critical vulnerabilities involving Apple's QuickTime media player software and the download application for Apple's iTunes music store. The flaws create a means for hackers to take control of affected systems, according to eEye Digital Security, the firm that discovered the bugs.

All four security issues are exploitable via iTunes. Because of the popularity of Apple's iPod among office workers, many businesses, as well as consumers, are potentially exposed to attack. The cross-platform flaw affects Windows 2000, Windows XP and Apple Mac OS X systems running vulnerable versions of iTunes. Fortunately, Apple has released a fix. Users are urged to update to QuickTime 7.0.4.
 
Apple has denied that it retains any of the information that the latest update to its hugely popular jukebox software, iTunes, creates as it monitors users' listening selections.

iTunes 6.0.2 was released earlier this week. Among the tweaks is MiniStore, an iTunes Music Store panel that appears below library track lists. Many users immediately found and used a button located among those in the bottom right-hand corner of the window and turned MiniStore off. However, a number of others, cited by a range of websites, spotted sudden increases in network activity when the feature is enabled.

The reason: the MiniStore uses what you're listening to to display a series of related albums and songs you may like to buy. You could argue it's no more spyware than Amazon.com's purchasing suggestions - a technique used by numerous e-commerce sites - but it's got some folk in a tizzy.

So much so that Apple this week contacted a number of websites to insist that the feature not only doesn't record the data it grabs, but when the MiniStore is disabled, no such data is sent back to the ITMS servers.

Curiously, Apple's support Knowledge Base has an entry dated 4 January 2006 - before iTunes 6.0.2 was released - that tells users how to turn MiniStore on and off. The document was updated on 9 January 2006. It's not clear what was modified on that date, but it does say: "iTunes sends data about the song selected in your library to the iTunes Music Store to provide relevant recommendations. When the MiniStore is hidden, this data is not sent to the iTunes Music Store."

A retro-active addition to guard against complaints that Apple didn't mention its little tracker up front? We can't say, but the moral of the story is clear: tell people what you're up to first. We downloaded iTunes 6.0.2 as soon as it appeared in our Software Update check and don't recall seeing anything about sending data back to ITMS.
 