eEye Uncovers iTunes Vulnerability

Aliso Viejo-based security firm eEye Digital Security has uncovered a flaw in Apple's popular iTunes digital music software and Apple's QuickTime media player, according to the company. Microsoft Windows-based versions of the iTunes software and QuickTime media player contain a remotely exploitable flaw that allows arbitrary code to be executed by a user. The vulnerabilities haven't been patched yet by Apple, and require that users click on a link and launch a media file. The vulnerabilities were reported in eEye's Upcoming Advisories notices which note vulnerabilities the firm has reported to software vendors but where patches are not yet available. eEye provides a vulnerability management tool and computer security research.