Risk: High
A critical vulnerability has been found in some versions of Apple's popular iTunes that could allow attackers to remotely take over a user's computer, according to a warning issued by security research firm eEye Digital Security. This is a critical vulnerability that may enable hackers to execute arbitrary code remotely.
The discovery of this latest flaw comes days after Apple issued its iTunes 6 for Windows security update.
The latest iTunes flaw has been confirmed on Windows, and is being investigated on Mac OS X, according to a security warning issued by the same security firm.
This flaw allows malicious hackers to launch arbitrary code remotely, which in turn can take control of a user's computer.
Although an Apple spokesman was not immediately available for comment, the company has a policy of not discussing or confirming security issues until it has conducted an investigation and issued any needed patches, according to Apple's posting on its site.
When Apple released its iTunes 6 for Windows security patch earlier, it was designed to prevent the wrong helper application from launching. The helper program searches multiple system paths to figure out which program to run, but the flaw could allow an attacker to create a way for an alternate program to be initiated by iTunes.