Apple iTunes vulnerability on Windows
eEye has discovered a remotely expoitable security vulnerability in Apple’s iTunes software. It affects iTunes 6 and prior and the current security updates (released yesterday) do not address the issue. News.com has coverage as well. Earlier they reported that it affected “all operating systems”, however now they are saying that it’s only been found on Windows systems using iTunes.
The flaw enables malicious hackers to launch arbitrary code remotely, once a user clicks on a malicious Web site link or opens a malicious e-mail, Manzuik said.
eEye will not disclose details on the vulnerability until there is a patch available for the problem.