Ahhh… Microsoft…

  1. Go here.
  2. Make the starting city Haugesund.
  3. Make the ending city Trondheim.

Must be the scenic route.

Check out the link below to read about an iTunes Vulnerability and Exploit. It’s pretty important, but the short of it is update to iTunes to version 4.7.1.

Thats all.

Still working on getting the emoticons to be visible, so no end of the blog rundown for at least another week.

Until the next post…

Subject: [ITSO-BULLETINS-L] iTunes Vulnerability and Exploit

The most recent version of this bulletin[1] and others[2] can be found on the ITSO web site.

BACKGROUND

iTunes[3] 4.7 and earlier contain a buffer overflow vulnerability that can be exploited using a maliciously crafted playlist. iTunes is digital jukebox software available at no cost from Apple[4] for the Windows PC and the Macintosh.

IMPACT

Exploit code has been released for this vulnerability. An attacker could use the exploit code to craft a malicious playlist and post it publicly (on a web site or at the iTunes Music Store). Users who download and use such trojan playlists could unknowingly open back doors on their computers.

PLATFORMS AFFECTED

* Windows 2000 or XP running iTunes 4.7 and earlier
* Mac OS X running iTunes 4.7 and earlier

LOCAL OBSERVATIONS

iTunes is available on the IUWare[5] CD. If you have installed iTunes from IUWare or any other source, make sure it is up-to-date as directed below.

ITSO RECOMMENDATIONS

Upgrade iTunes to 4.7.1 as soon as possible.

iTunes for Windows will check for updates automatically by default. To check your version number, select *About iTunes* from the *Help* menu while iTunes is running. If the version number is lower than 4.7.1, select *Check for iTunes Updates* from the *Help* menu, and follow the instructions to update iTunes.

On the Macintosh, Software Update[6] in the System Preferences will check for updates automatically by default. To check your version number, select *About iTunes* from the *iTunes* menu while iTunes is running. If the version number is lower than 4.7.1, use Software Update[7] to update iTunes.

iTunes 4.7.1 is also available as a direct download[8].

WORKAROUNDS

Until you are able to upgrade, do not use any playlists off the web or that you’ve received unexpectedly via e-mail or instant messaging.

FURTHER READING

See the iDEFENSE advisory[9] for more information.

Links:
[1] https://itso.iu.edu/bulletins/ITSO.2005.01.18.itunes
[2] https://itso.iu.edu/bulletins/
[3] http://www.apple.com/itunes/
[4] http://www.apple.com/
[5] http://iuware.iu.edu/
[6] http://www.apple.com/macosx/upgrade/softwareupdates.html
[7] http://www.apple.com/macosx/upgrade/softwareupdates.html
[8] http://www.apple.com/itunes/download/
[9] http://www.idefense.com/application/poi/display?id=180&type=vulnerabilities

One thought on “Ahhh… Microsoft…

  1. Leave it to Microsoft to take a relatively simple task, and screw it up. I mean honestly – the quickest route is like 47 hours, and the shortest route, can’t quite figure out the difference there, but anyway, the shortest route is longer, by 4 hours. Hrm – looks like it should only take around 3 hours max. Fy Microsoft.

Leave a Reply