eEye Digital Security, which develops security and vulnerability management applications and contributes to security research and education, on Wednesday announced that it has found four security problems with Apple's QuickTime and iTunes software. The flaws could enable an attacker to take control of a Mac OS X, Windows 2000 or Windows XP computer and remotely execute harmful code.
Apple on Tuesday released iTunes 6.0.2 and QuickTime 7.0.4, both of which improve the applications' performance, although the company didn't go into greater detail about how the updates do that. Given that iTunes is closely tied to QuickTime and 42 million iPods have been sold in just over five years, eEye co-founder and chief hacking officer Marc Maiffret warned that enterprises should take the updates seriously.
"Most IT departments probably saw Apple's security update and thought 'that's a consumer application, I don't have to worry about security policies for that.' Those IT departments would be mistaken," Mr. Maiffret said in a press release. "There are few people that have not seen a co-worker with an iPod wandering the halls of their organization, and those iPods probably mean iTunes is on your network.
"These flaws highlight the need for rigorous security policies and their enforcement via network security scanning and comprehensive endpoint security that will allow enterprises to mitigate this growing threat."