• On TV.com: CHUCK Spied a Return Date
advertisementGet Smart about Business Spending
March 12, 2009 12:53 PM PDT

Apple's iTunes 8.1 plugs malicious podcast security hole

by Elinor Mills
  • Font size
  • Print
  • 6 comments

Apple on Thursday released iTunes 8.1, which includes a fix for a vulnerability that could lead to theft of usernames and passwords if a podcast containing malware were subscribed to.

The software update addresses a design issue in the iTunes podcast feature that made it possible for a subscription to a malicious podcast to cause an authentication dialog to be displayed that could prompt the user for log-in credentials to the podcast server, Apple's advisory said.

The issue affects Mac OS X v 10.4.10 and later. The issue was reported by Simon Bellwood.

iTunes 8.1 also fixes a vulnerability that could allow maliciously crafted Digital Audio Access Protocol messages to cause a denial of service on computers running Windows XP or Vista. Fortinet's Fortiguard Global Security Research team is credited with discovering this bug.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Topics:

Vulnerabilities & attacks

Tags:

Apple,

security,

iTunes,

malware,

podcast

Share:
Digg
Del.icio.us
Reddit
advertisement
Click Here
Recent posts from Security
Microsoft warns of IE exploit code in the wild
Chrome OS security: 'Sandboxing' and auto updates
E-tailers snagged in marketing 'scam' blame customers
McAfee warns about '12 Scams of Christmas'
Cisco launches iPhone security app
Town to photograph every car that enters and leaves
New Firefox 3.6 beta aims to cut crashes
Facebook adopts new privacy policy
Related
iPod nano updated to 1.0.2
Jailbroken iPhone? SSH installed? Beware of worms!
Browser security features compared
For the Record Podcast: '12 scams of Christmas'
The 404 461: Where we turn down the ugly knob
Apple plugs holes for domain spoofing, other attacks
Cisco launches iPhone security app
iTunes updated to 9.0.2
Add a Comment (Log in or register) (6 Comments)
  • prev
  • 1
  • next
by kernmapp March 12, 2009 2:07 PM PDT
they still hav not fixed the cd burning issue!
Reply to this comment
by BtmnHatesRbn March 12, 2009 2:32 PM PDT
And what "issue" is that? I make CDs and data discs all the time with iTunes...any version since 2.0.4.
by annie33026 March 16, 2009 7:32 AM PDT
Is that what's wrong with my cd burner????????
by BtmnHatesRbn March 12, 2009 2:32 PM PDT
The only two podcasts I ever encountered that wanted log-in info was Rush Limbaugh's and Jerry Doyle's.
Reply to this comment
by Perry_Clease March 12, 2009 2:36 PM PDT
Does Rush want iTunes to fail :)
by Lockdog91 March 12, 2009 3:33 PM PDT
I installed 8.1 and it's not letting me manually update my media on my iPhone. When I click on the Manual Update option, it's stating that my data's stored on another computer and I will lose my data if I proceed. I hope they get it fixed.
Reply to this comment
(6 Comments)
  • prev
  • 1
  • next
advertisement

E-tailers linked to 'scam' blame customers

Priceline, Classmates.com, and Orbitz say customers should read the fine print before complaining about being charged to join loyalty programs they didn't want.

The 411 on early-termination fees

Verizon Wireless has doubled its early-termination fees for smartphones, but what does it mean for the rest of the industry?

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET