Skip to content

iTunes affected by zero day exploit

By David Cawley | 1 minute read

[Update: 29th November 2:30pm] Proof of concept code is now publicly available for this exploit on Mac OS X – Both Leopard and Tiger on Intel and PowerPC architectures are vulnerable.

The US Computer Emergency Readiness Team released a note warning of a zero day exploit for the Apple QuickTime product. iTunes user’s should be aware that they are also affected since QuickTime is a component of it.

The bad news is that the exploit code is already available and virus writers are no doubt scurrying to create an attack. To make matters worse, there isn’t currently a patch available so the iTunes product is vulnerable even when updated. An attacker could use several methods to infect a machine such as simply connecting to a machine on the RTSP port, linking to a malicious file, sending the file as an e-mail attachment or using the web browser (javascript/plugins/ActiveX).

Cut your support tickets and make customers happier