Rigged podcasts can leak your iTunes username/password
Hackers can create malicious podcasts to hijack usernames and passwords from Apple’s iTunes software.
According to a warning from Apple, a “design issue” in the iTunes podcast feature can be abused via rigged audio files to cause an authentication dialog to be presented to the user. From that dialog, a hacker can hijack iTunes credentials and upload it to the podcast server.
[ SEE: Apple plugs gaping iTunes hole, doesn't tell everyone ]
From Apple’s advisory:
- A design issue exists in the iTunes podcast feature. A subscription to a malicious podcast may cause an authentication dialog to be presented to the user. This dialog may entice the user to send iTunes credentials to the podcast server.
Apple has shipped a patch in iTunes 8.1 to clarify the origin of the authentication request in the dialog box.
The iTunes update also corrects a denial-of-service flaw that can be caused via maliciously crafted DAAP messages.
- An infinite loop exists in the handling of iTunes Digital Audio Access Protocol (DAAP) messages. Sending a message containing a maliciously crafted Content-Length parameter in the DAAP header may lead to a denial of service. This update addresses the issue by performing additional validation of DAAP messages.
The denial -of-service bug does not affect Mac OS X systems.
[Source: zdnet]
Post a Comment