iTunes 6 and previous versions are affected by the flaw according to the product manager at eEye, Steve Manzuik. The flaw could allow an attacker to rub arbitrary code on a remote system if a user clicked on a malicious website link or opened a malicious email. "iTunes is widespread, so there is a large exploit base," Manzuik said. Apple didn't comment on the flaw however, as it is company policy to not discuss or confirm security flaws until an investigation has been conducted and patches have been issued.
Source:
News.com
Written by: James Delahunty @ 20 Nov 2005 20:33