Apple closes over 160 iTunes gaps


The security advisory for the just-released iTunes version 10.7 has alarming proportions: according to it, the update fixes vulnerabilities to which a total of 163 CVE numbers are assigned. At second glance, it is striking that the vulnerabilities are in the browser engine WebKit, which iTunes uses to display the HTML-based multimedia shops. Only the Windows version of iTunes is affected here. The Mac version of iTunes 10.7 was not patched; there, Apple fixes errors in WebKit through Safari updates.

It is disturbing that the gaps were in part closed half a year ago in Google's Chrome browser, which is also based on WebKit, and that Apple protected its Safari users on the Mac back in July. Experience shows that gaps of this kind are serious: in the worst case, according to Apple, an attacker can use them to inject malicious code into the system, which is executed when the user visits a specially crafted web page. That Apple still took quite a lot of time with iTunes could be because it cannot be used to call up arbitrary websites.

Nevertheless, one should not take the gaps lightly. There is the possibility that an attacker in a public network, acting as a man-in-the-middle, manipulates the traffic in order to slip web exploits into the shop pages. A cross-site scripting (XSS) vulnerability in the store could also be the undoing of a user of an outdated version of iTunes.
