iTunes at risk for hacker attack
A security flaw in Apple Inc's Quicktime media software can be taken advantage of by malicious programs, according to security researchers, making applications like iTunes that depend on the standard open to hacker attacks.
The flaw is found inside the Real Time Streaming Protocol (RTSP) on which Quicktime's servers and clients are built, according to the United States Computer Emergency Readiness Team (US-Cert). Unwary users who load rogue RTSP code - via a webpage, or from a file -can give attackers access to their computers undetected, the agency warned.
Programs that depend on Quicktime, such as Apple's iTunes online media-store can be potential compromised.
US-Cert is recommending users consider several workarounds to potentially minimize exposure to the RTSP vulnerabilities.
The workarounds include disabling QuickTime ActiveX controls on Internet Explorer, QuickTime plug-ins for Mozilla-based browsers, JavaScript, and file association for QuickTime files. Other suggestions include avoiding QuickTime files that come from untrusted sources.
Earlier this month, Apple released QuickTime 7.3 to address seven security flaws in QuickTime 7.2. The fixes, however, did not deal with the RTSP vulnerability cited by security researchers over the past three days.
Apple QuickTime versions 7.2 and 7.3 on Windows Vista and Windows XP Pro SP2 are both affected.
© Copyright IBTimes 2024. All rights reserved.