Site icon The Mac Security Blog

Time to Update iTunes

Remember that security update that we talked about last week? Well, if you haven’t done so already, it just became a whole lot more important that you get on it now. And while you’re at it, tell your friends.

Researchers have just published a proof of concept that allows remote code execution when unpatched iTunes versions process a malicious playlist file. That is to say, someone can make something that appears to be a music playlist that will instead run whatever malicious code they want on your machine.

At this point, this just exists as a proof of concept. The researchers have made code that proves that the exploit is possible. There hasn’t yet been any malware seen that is using this behavior. But it’s often just a matter of time before malware writers incorporate this code into their creations to get onto computers without you knowing, much like Flashback did with its Java exploit.

Share this: