Comments on: Apple plugs security hole in iTunes

Flaw, described as "highly critical" by Secunia, could let an attacker sneak into a system or cause the music software to crash.

[privatec]

Is it me?

Does anyone ever use iTunes to go anywhere other than iTMS? If
not, the fix would appear to be not downloading music from
'dodgy' sites.

well, i can use that argument for any site

I mean, come on - the point is that dodgy sites often go to trouble to make themselves look legitimate. That's not a reason to say that this isn't critical.

[Steve Bryan]

Maybe not that simple

You might be right that the risk was only in iTunes but news stories are still not interactive so more details might not be easily found. Specifically there was a buffer overflow in MPEG 4 decoding which makes it sound more like a QuickTime problem. If you are using QuickTime on your Mac or PC for web content you could easily be at some random site viewing MPEG 4 content. If that is the case then iTunes would just be what a journalist might use in a news story because it has higher recognition.

In fact it is not likely that the actual MPEG 4 code would be in iTunes but I am just speculating here.

[privatec]

Is it me?

Does anyone ever use iTunes to go anywhere other than iTMS? If
not, the fix would appear to be not downloading music from
'dodgy' sites.

well, i can use that argument for any site

I mean, come on - the point is that dodgy sites often go to trouble to make themselves look legitimate. That's not a reason to say that this isn't critical.

[Steve Bryan]

Maybe not that simple

You might be right that the risk was only in iTunes but news stories are still not interactive so more details might not be easily found. Specifically there was a buffer overflow in MPEG 4 decoding which makes it sound more like a QuickTime problem. If you are using QuickTime on your Mac or PC for web content you could easily be at some random site viewing MPEG 4 content. If that is the case then iTunes would just be what a journalist might use in a news story because it has higher recognition.

In fact it is not likely that the actual MPEG 4 code would be in iTunes but I am just speculating here.

Yet another CNET bias

Wonder how this story didn't make it onto CNET?

If this was a Microsoft issue, then it would be front-page news for TWO DAYS on CNET, but since it's mozilla, it goes unmentioned:

---------------
News: Zero-Day Firefox Exploit Sends Mozilla Scrambling

The open-source Mozilla Foundation rushes out a partial fix
for an "extremely critical" Firefox flaw after exploit code
leaks onto the Web.
http://ct.enews.eweek.com/rd/cts?d=186-2006-8-85-100214-227178-0-0-0-1

[M C]

Yes, biased, but not the way you think

CNet loves controversy. "Security flaws" = site hits.

And Apple articles routinely make their most-read stories, so they LOVE to combine "flaws" with Apple. It gets a rise out of their readers.

[Homer J. Simpson]

Try reading the news before posting....

http://news.com.com/Exploit+code+chases+two+Firefox+flaws/2100-1002_3-5700204.html

It was on the front page all day yesterday.

[System Tyrant]

What does this...

have to do with Apple. This isn't about Mozilla or Firefox it's about Apple's iTunes.

[dawn_kawamoto]

Bias? ....no

We ran the story on Firefox yesterday....

http://news.com.com/Exploit+code+chases+two+Firefox+flaws/2100-1002_3-5700204.html

We value are readers and strive to deliver the news in a timely fashion.

Take care and appreciate all comments,
Dawn

Yet another CNET bias

Wonder how this story didn't make it onto CNET?

If this was a Microsoft issue, then it would be front-page news for TWO DAYS on CNET, but since it's mozilla, it goes unmentioned:

---------------
News: Zero-Day Firefox Exploit Sends Mozilla Scrambling

The open-source Mozilla Foundation rushes out a partial fix
for an "extremely critical" Firefox flaw after exploit code
leaks onto the Web.
http://ct.enews.eweek.com/rd/cts?d=186-2006-8-85-100214-227178-0-0-0-1

[M C]

Yes, biased, but not the way you think

CNet loves controversy. "Security flaws" = site hits.

And Apple articles routinely make their most-read stories, so they LOVE to combine "flaws" with Apple. It gets a rise out of their readers.

[Homer J. Simpson]

Try reading the news before posting....

http://news.com.com/Exploit+code+chases+two+Firefox+flaws/2100-1002_3-5700204.html

It was on the front page all day yesterday.

[System Tyrant]

What does this...

have to do with Apple. This isn't about Mozilla or Firefox it's about Apple's iTunes.

[dawn_kawamoto]

Bias? ....no

We ran the story on Firefox yesterday....

http://news.com.com/Exploit+code+chases+two+Firefox+flaws/2100-1002_3-5700204.html

We value are readers and strive to deliver the news in a timely fashion.

Take care and appreciate all comments,
Dawn

[M C]

4.8 is not primarily a patch, but fixing a flaw so fast looks good on Apple

Completely unmentioned in this "news" story is the fact that the 4.8 update enables Quicktime video support (purchasing and playback) in iTunes.

CNet loves Secunia's PR releases, though, so they went with that, even though once again this flaw was a non-issue and went from security-company discovery to patch in less than a week.

[M C]

4.8 is not primarily a patch, but fixing a flaw so fast looks good on Apple

Completely unmentioned in this "news" story is the fact that the 4.8 update enables Quicktime video support (purchasing and playback) in iTunes.

CNet loves Secunia's PR releases, though, so they went with that, even though once again this flaw was a non-issue and went from security-company discovery to patch in less than a week.

be thankful

im just thankful that apple is quick to repair all their security flaws. there was an article early about malware in the new tiger OS, but they've issued a resolution for it already. i guess we just sit and wait for the next hole to be discovered in apple software

has apple started hiring ex MS programmers or what?

be thankful

im just thankful that apple is quick to repair all their security flaws. there was an article early about malware in the new tiger OS, but they've issued a resolution for it already. i guess we just sit and wait for the next hole to be discovered in apple software

has apple started hiring ex MS programmers or what?

[Thomas, David]

MPEG-4 ... video, not audio Right?

If I am not correct, but I think I am, This is a patch for movie files,
which ARE primarily downloaded from sites OTHER than iTunes
(ITMS).

I am NOT a mac hater. Just the opposite. But I think we should
keep the confusion to a minimum. I am a wrong, then I will do my
Rosanna ODanna bit.

[M C]

That's right...

Which is why, in the first version of iTunes that is actually designed to handle video, the hole is closed. ;-)

[Thomas, David]

MPEG-4 ... video, not audio Right?

If I am not correct, but I think I am, This is a patch for movie files,
which ARE primarily downloaded from sites OTHER than iTunes
(ITMS).

I am NOT a mac hater. Just the opposite. But I think we should
keep the confusion to a minimum. I am a wrong, then I will do my
Rosanna ODanna bit.

[M C]

That's right...

Which is why, in the first version of iTunes that is actually designed to handle video, the hole is closed. ;-)