Apple iTunes Playlist Handling Buffer Overflow Vulnerability

This topic is archived.
Nomad559 Donating Member (1000+ posts) Sat Jan-15-05 10:51 AM
Original message
Apple iTunes Playlist Handling Buffer Overflow Vulnerability

http://secunia.com/advisories/13804

Highly critical

Software: iTunes 4.x

Description:
Sean de Regge has reported a vulnerability in iTunes, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the handling of .m3u and .pls playlists. This can be exploited to cause a buffer overflow via a specially crafted playlist containing an overly long URL.

Successful exploitation may allow execution of arbitrary code.

Solution:
Update to version 4.7.1.

http://www.apple.com/support/downloads/itunes471.html


http://secunia.com
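
A defensive triage check for the issue the advisory describes, added here as an example and not part of the original post or of Secunia's advisory: it lists `.m3u` and `.pls` entries longer than a threshold. The 1024-byte limit, the function names and the sample playlists are assumptions; the advisory states no length.

```python
import re

# Assumed triage threshold: the advisory gives no length, so 1024 bytes is a
# placeholder chosen to sit well above any ordinary stream URL or file path.
MAX_ENTRY_BYTES = 1024

PLS_ENTRY = re.compile(r"^\s*File\d+\s*=(.*)$", re.IGNORECASE)


def playlist_entries(text, kind):
    """Yield (line_number, entry) for each media location in a playlist."""
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if kind == "m3u":
            # Blank lines and '#' lines (#EXTM3U, #EXTINF) carry no location.
            if line and not line.startswith("#"):
                yield number, line
        elif kind == "pls":
            match = PLS_ENTRY.match(line)
            if match:
                yield number, match.group(1).strip()
        else:
            raise ValueError(f"unsupported playlist type: {kind}")


def oversized_entries(text, kind, limit=MAX_ENTRY_BYTES):
    """Return (line_number, byte_length) for entries longer than limit."""
    findings = []
    for number, entry in playlist_entries(text, kind):
        size = len(entry.encode("utf-8", errors="replace"))
        if size > limit:
            findings.append((number, size))
    return findings


# Constructed samples: one ordinary entry and one padded far past the limit.
LONG_URL = "http://stream.example/" + "A" * 5000
SAMPLE_M3U = "#EXTM3U\n#EXTINF:-1,Radio\nhttp://stream.example/live\n" + LONG_URL + "\n"
SAMPLE_PLS = "[playlist]\nFile1=http://stream.example/live\nfile2=" + LONG_URL + "\nNumberOfEntries=2\n"

if __name__ == "__main__":
    for kind, sample in (("m3u", SAMPLE_M3U), ("pls", SAMPLE_PLS)):
        for number, size in oversized_entries(sample, kind):
            print(f"{kind}: line {number} has a {size}-byte entry (limit {MAX_ENTRY_BYTES})")
```

A hit is only a reason to quarantine the file and confirm the client is on 4.7.1 or later; the fix itself is the update named in the advisory.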

Deja Q Donating Member (1000+ posts) Sat Jan-15-05 11:04 AM
Response to Original message
1. What? You mean Macs aren't immune to the script kiddies?
ROTFLMAO. I've known that for years. ANYTHING can be exploited. The reason why many don't is because the Mac is down to 0.5% in the market.

If the Mac had even 5% of the market like Linux does in the server area (LOL, that figure was from 1998 and the amount since then has rather increased, with Linux potentially set to replace Windows in the next 6~7 years), you can bet your sweet bippy that Macs would be targeted too. (Mac zealots who claim Macs are invulnerable are almost entertaining when they do their song and dance about their computers being so perfect.)

ET Awful Donating Member (1000+ posts) Sat Jan-15-05 11:07 AM
Response to Reply #1
2. I was just thinking the same thing :)
Hehehe. . . Apple is invulnerable man. . . this just can't be.

It's just another sign of the pending apocalypse man.

:evilgrin:

DS1 Donating Member (1000+ posts) Sat Jan-15-05 11:16 AM
Response to Reply #2
3. I just saw a Mac User making two little slips
A) He's on the latest patch of OS X, which contradicts the "XP has too many patches" argument

B) He's not going to "hold Apple responsible for a funky third party driver" which had crashed his machine, so when it does crash it's not Apple's fault.

ET Awful Donating Member (1000+ posts) Sat Jan-15-05 11:33 AM
Response to Reply #3
4. Of course, using argument B . . .
Most of the problems he tries to attribute to Windows aren't the fault of Microsoft, as all are third party programs. So malware, since it is not written by Microsoft, can't be blamed on them using his logic. Same with third party drivers for SCSI cards, graphics cards and the like.

So, using his argument, Windows is completely problem free.

DS1 Donating Member (1000+ posts) Sat Jan-15-05 09:59 PM
Response to Reply #4
16. Which is what ~he~ was saying
but not seeing it due to the trees ;-)

chenGOD Donating Member (1000+ posts) Sat Jan-15-05 12:23 PM
Response to Reply #1
7. Umm please note that this affects the Windows OS
as well as the Mac OS.
And there is a fix available for it right away.
Of course no OS is totally secure, but I would wager that OS X is much more secure than XP.

benburch Donating Member (1000+ posts) Sat Jan-15-05 07:30 PM
Response to Reply #1
8. Actually, this means they are immune.
Launch iTunes. It will tell you to update to the new version immediately.

A skript kid would have to strike in the tiny window between the vulnerability being shown and the vast majority of systems being updated. Also, he would need to be smart enough to manage Power PC machine code, which they are not.

So, this door was being closed before you ever heard about it, and even if it had not, there are no virus writing kits for a skript kid to abuse.

Sorry, it will be a cold day in hell before there is even 1% of the virus and worm problem on the mac that there is on Whinedows.

Commie Pinko Dirtbag Donating Member (1000+ posts) Sat Jan-15-05 07:34 PM
Response to Reply #8
10. Very similar to the way things happen in Linux. Of course, they're both
Unix variants.

Name removed Donating Member (0 posts) Sat Jan-15-05 11:43 AM
Response to Original message
5. Deleted message
Message removed by moderator.

Name removed Donating Member (0 posts) Sat Jan-15-05 12:05 PM
Response to Reply #5
6. Deleted message
Message removed by moderator.

Commie Pinko Dirtbag Donating Member (1000+ posts) Sat Jan-15-05 07:32 PM
Response to Reply #6
9. CRAP! Late to the party AGAIN!
Isn't it odd that not even Linux vs. Windows flamewars elicit deleted messages until Apple is involved? And they say WE are religious. Feh.

benburch Donating Member (1000+ posts) Sat Jan-15-05 07:50 PM
Response to Reply #9
11. I dunno what sets those Windows guys off over Apple???
Do you have any ideas?

I try to be polite but they cannot even admit simple things like the facts that there are 100,000+ known Windows viruses, and less than 100 for all versions of Mac OS, and ONE for any version of Mac OSX (and which won't work on an up to date system).

In contrast I get along fine with Linux folks, and BSD folks, and Amiga folks, and VAX/VMS folks... None of this hyperbolic trashing of the Mac platform.

Commie Pinko Dirtbag Donating Member (1000+ posts) Sat Jan-15-05 07:56 PM
Response to Reply #11
12. About the only thing Linux users will say bad about Apple is
"This hardware is too expensive for its specs." Which is an undeniable truth. But, other than that, Macs are a-OK by me.

benburch Donating Member (1000+ posts) Sat Jan-15-05 07:57 PM
Response to Reply #12
13. I agree with that.
But feel that the software is enough of an advantage to cover the maybe 10% premium.

benburch Donating Member (1000+ posts) Sat Jan-15-05 08:04 PM
Response to Reply #12
14. Oh, I was meaning to ask you a Linux Question...
If you were going to rent a server in a remote place, would you rather it were RedHat, or Debian? I may need to make that choice this week.

Commie Pinko Dirtbag Donating Member (1000+ posts) Sat Jan-15-05 08:08 PM
Response to Reply #14
15. Red Hat. Personal taste.
I find it to have the best combination of up-to-dateness and stability. The third party repositories are also better cared for. May I ask what company is it? PM me if you don't want it to be public.

slutticus Donating Member (1000+ posts) Sat Jan-15-05 10:20 PM
Response to Original message
17. Shit. Thanks for posting this.
I was kinda procrastinating on the updating of my iTunes version.

