iTunes update plugs WebKit flaw
The latest version of iTunes for Windows addresses 13 security vulnerabilities, as well as adding much-publicised social networking functionality. iTunes 10 for Windows addresses flaws in the media player's WebKit browser that were fixed in Safari late last month with version 5.0.1 and 4.1.1 of Apple's browser software. Apple's …
Anyone know...
... whether this social network component is an optional one or not?
(Yes, obviously I don't have to use it. But I don't want to have to install it just to patch security holes)
It's part of the iTune store...
which is served as web content rather than being local. So no, you don't 'install it'.
Ping can be switched off
I'm not sure whether I understand the question, is the problem seeing Ping in the sidebar or do you think you need to sign up for Ping in order to use iTunes?
Ping is very much opt-in and switched off by default.
The "social network component" is just a web page which is displayed on the WebKit view embedded in iTunes. Which is how they display the store as well. So I don't see how it is any different to what we had before in terms of underlying software. It's not adding any more "bloat" if that is a concern. In fact in testing I have found iTunes 10 to be faster and more responsive that it's predecessor on a Windows 7 box.
In parental controls you can remove the store from the sideba (which also removes ping) or turn off all store features bar iTunes U.
Security vulnerability?
Isn't iTunes a security vulnerability in itself?
Yes yes, I'm going...
"flaws in the media player's WebKit browser"
So, not content with merely having the updates punt Safari at every opportunity they've built a bloody browser into the thing? Also, now with social networking cobblers (like there aren't enough ways of doing *that* already).
Christ on a crutch, are Apple going for some sort of all-time, swiss-cheese bloatware record here?
Ok, so I have a choice?
"13 security vulnerabilities, as well as adding much-publicised social networking"
Without knowing the details, I start to suspect that 13 security vulnerabilities might be the lesser of the two evils.
Sign up, sign up for The Register's weekly IT security newsletter - click here
Popular Whitepapers
- The BI Inflexion Point
Information is a right, not a privilege - VPN security - if you want it, come and get it
Attention WiFi hotspotters: You want it - The Register Guide to iSCSI
A primer on Internet SCSI, a protocol to transport SCSI commands over IP - Secure Mobile Working
Beyond the Technology - The Impact of IT Security Attitudes
Putting the pieces in place for effective security delivery - The Register guide to unified communications
A primer on the implications of unified communications for enterprise IT
