- Go here.
- Make the starting city Haugesund.
- Make the ending city Trondheim.
Must be the scenic route.
Check out the link below to read about an iTunes Vulnerability and Exploit. It’s pretty important, but the short of it is update to iTunes to version 4.7.1.
Still working on getting the emoticons to be visible, so no end of the blog rundown for at least another week.
Until the next post…
Subject: [ITSO-BULLETINS-L] iTunes Vulnerability and Exploit
The most recent version of this bulletin and others can be found on the ITSO web site.
iTunes 4.7 and earlier contain a buffer overflow vulnerability that can be exploited using a maliciously crafted playlist. iTunes is digital jukebox software available at no cost from Apple for the Windows PC and the Macintosh.
Exploit code has been released for this vulnerability. An attacker could use the exploit code to craft a malicious playlist and post it publicly (on a web site or at the iTunes Music Store). Users who download and use such trojan playlists could unknowingly open back doors on their computers.
* Windows 2000 or XP running iTunes 4.7 and earlier
* Mac OS X running iTunes 4.7 and earlier
iTunes is available on the IUWare CD. If you have installed iTunes from IUWare or any other source, make sure it is up-to-date as directed below.
Upgrade iTunes to 4.7.1 as soon as possible.
iTunes for Windows will check for updates automatically by default. To check your version number, select *About iTunes* from the *Help* menu while iTunes is running. If the version number is lower than 4.7.1, select *Check for iTunes Updates* from the *Help* menu, and follow the instructions to update iTunes.
On the Macintosh, Software Update in the System Preferences will check for updates automatically by default. To check your version number, select *About iTunes* from the *iTunes* menu while iTunes is running. If the version number is lower than 4.7.1, use Software Update to update iTunes.
iTunes 4.7.1 is also available as a direct download.
Until you are able to upgrade, do not use any playlists off the web or that you’ve received unexpectedly via e-mail or instant messaging.
See the iDEFENSE advisory for more information.