Critical Flaw Found in Apple's iTunes
By Ed Oswald | Published November 18, 2005, 3:54 PM
Security firm eEye Digital Security on Thursday warned of a critical flaw in Apple's iTunes software that could allow for remote code execution, and has rated it as a high-risk vulnerability. The flaw affects both iTunes for Windows and Mac OS X on "various" versions of the software.
According to the advisory, a flaw exists "that allows arbitrary code to be executed in the context of the logged in user." The discovery comes just a few days after Apple patched another security hole in the Windows version of iTunes. That vulnerability involved using the iTunes 5 helper application to launch a potentially malicious program.
iTunes has a great interface, and that's about it. It installs what, 2 (or is it 3) Windows services? Not to mention it is a resource hog and comes bundled with QuickTime, which sets itself to run at start-up (and you have to go to the registry to stop it from loading).
Why did Apple programmers write it this way? I think that it definitely needs improvement. But then again all apps could be better written. It's going to be fun to watch as more and more Apple stuff is found to have flaws in it as they move to the Intel/Microsoft world (not that I want them to fail or anything - I'm looking forward to trying out OSX).
Score: 0
|Critical Flaw, Mac OS X - you're joking!
The critical flaw is that this web site seems to be pro-Windows (for some unknown reason), and this is the first sniff of a problem with software on a Mac.
I think that the flaw is only in the Windows version, where the iTunes app needs to execute Win APIs.
So the flaw exists in Internet Explorer and/or Windows XP (or whatever flavour).
Unlike Windows, where any fool can simply download tools to start 'hackin', the BSD foundation which Mac OS X is built on requires a little more understanding and skill to 'hack'. Now maybe if the Mac was more popular more people would target it with viruses - personally I think if that were the case, the world would be a better place and the 'I hate Microsoft' mentality would disappear, and hacking would be a word describing those people who can pull apart one appliance/software and 'hack' it into something innovative (like it should be).
Score: 0
|Oh, no... I think it is YOU who are joking... :) I would be more than happy to make mention of the vulnerabilities found in Apple products in the past 6 months... I think the tally is up around 24+ now... possibly higher, I've lost count.
I think you're delusional to think that Mac users aren't as prone to clicking things randomly... after all, Mac users only have one mouse button, so what else are they supposed to do with it? *grin* OK, that was a low blow, I apologize, but Mac users are no smarter or dumber than any other user.
So, like I said, even though I've got plans for the day, I can work in some time to post links to Mac-related security advisories if you ask me to. Otherwise, take your Windows-flaming, Mac-praising propaganda and go over to macworld.com or something...
Score: 0
|Thanks for the blunt, but accurate retaliation to the above comment. I too hate the Mac and Firefox users that believe that if they use the mentioned products, that makes them safe and somewhat smarter than the rest.
Kudos to you.
Score: 0
|Story has been updated - it only affects Windows.
Score: 0
|you guys are talking like security flaws never existed before
Score: 0
|iTunes is not a part of the operating system.
So who cares?
Score: 0
|um...your comment makes no sense...
Score: 0
|Doesn't it come preinstalled on OSX?
Score: 0
|You fail to understand the concept of security exploit. Allow me to clarify it for you.
Step 1: Hacker discovers and takes advantage of a hole in an application that gives them remote access (in some form or another) to someone else's computer.
Step 2: Oblivious user mistakenly clicks on a link that looks interesting but, in fact, contains the file with the hacker's code.
Step 3: User's machine is compromised.
Note: I never once made mention of the OS, I said Application, because, any application can contain such a vulnerability. Case in Point: Apple's media software. phpBB... Apache... Notepad, for crying out loud... the list could go on indefinitely.
Score: 0
|Outstanding! iTunes sucks! Yeah! Whatever takes Microsoft OFF the front page, so everyone can see Microsoft is NOT the evil doers..
Score: 0
|Sony!
Score: 0
|And! it is not even Microsoft's fault. It is the application. Funny how it is fixed for Mac, but still vulnerable in Microsoft. I wonder why that........
It must be tough for Microsoft to keep having to fix vulnerabilities caused by 3rd party applications.
Score: 0
|*points finger and says, " HAHA."*
Score: 0
|Apple partners/supports tens of thousands of vendors like MS, and therefore WOULD be more susceptible to attack if they gained sufficient market share. I've said that forever. Here we have it with iTunes. Yes, high market share WITH MULTIPLE VENDOR SUPPORT does heighten risk of security attacks. Linux could take up 80% of the Enterprise market and not be attacked significantly more because of the nature of its core. On the other hand, if it was a desktop OS, and supported tens of thousands of drivers for specific devices as Mac and MS do, then...
Score: 0
|Totally agree, too bad there are so many people that do not understand this, and never will.
Score: 0
|Wait wait wait.. you can't EVEN put this on MS. The only partnership they have is that it happens to run on Windows, period. There is no "partnership".
This is good old Apple ingenuity, ****ing up! That's all there is to it.
You people are amazing, even when it's NOT a MS product you still INSIST it's a Microsoft bug... incredible... stupid, asinine, lame, retarded even, but incredible nonetheless.
Score: 0
|You agree with stupidity, hooray for you. You don't even understand it, because it's not even a true statement... Shows how much you know.
The myriad of vendors isn't a flaw, it's a side effect.
Programmers made it, and what do you know, they can't predict EVERYTHING that will happen.
Even a steel vault has weaknesses until some bank robber exploits them. I suppose that is a fault of multiple vendors too? Locks, hinges, seals, door... handle... Yeah, whatever.
It's human nature. Humans are not perfect. There isn't a single human device one human makes that another human can't expose. That's a fact, Jack.
Score: 0
|I didn't mean to put this on MS... just comparing MS and Linux to Apple, that's all.
Score: 0
|Whoa, slow down there! I never said it was a flaw. I said it makes a bigger target for hackers. Hackers won't work on breaking Linux as it does not have as many ways to creep in, while MS and Mac do. It isn't a fault.
Score: 0
|Well said!
Score: 0
|You are all missing the point of the article... iTunes was not hacked, the flaw already existed, someone just found it. No one hacked iTunes and made it shi**ier; it always was that way, the flaw just wasn't discovered until now.
Score: 0
|No no, an MS flaw is that Sony DRM remover ActiveX flaw. I doubt even Java would allow a security exploit that horrid...
I didn't pick up MS criticism from his post...
Score: 0
|"Hackers won't work on breaking linux" ??? There have been two or three *nix specific worms in the last couple of months. It's not that there aren't as many ways to break in, it's that crackers work on breaking whatever is widely used, and *nix based systems are moving up in the desktop/corporate world, and so the crackers are starting to crack more *nix stuff.
Score: 0
|I know someone that writes malicious software for Linux, only he doesn't exploit it. He submits it to whichever parties are involved to fix the holes. Not to say that this doesn't happen for Windows or Mac, just to say that it probably happens more so for Linux because of the philosophy of open source.
Score: 0
|I guess you could say the same for Windows: no one hacked them, the flaw was already there and someone just discovered it. No one seems to realize that with Windows, they are just quick to whine and b**** about Microsoft's software being insecure, failing to realize how many possible hardware platforms and configurations they must support.
Score: 0
|Actually, I got the point of the article, it's the point of your post that I don't understand... Now it has been discovered, and no doubt, some script-kiddie is planning ways to take advantage of it... so what difference does it make if it went undiscovered for so long?
Score: 0
|Well said. I agree.
Score: 0
|"There have been two or three *nix specific worms in the last couple of months."
Compared to the 90 or so Windows worms in those 2 months? My point exactly.
Score: 0