back to article Apple fans besieged by iPhone Trojan and iTunes attack

Apple fans are under attack on multiple fronts. Security researchers have discovered an unpatched vulnerability in Apple's iTunes and QuickTime software that creates an opportunity to crash browser applications. The flaw might also open up a route to inject hostile code onto vulnerable systems, though this remains unproven. …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Jobs Halo

    Slight exaggeration

    "Apple fans besieged" compared to what Windows machines? Slight exaggeration maybe...?

  2. Anonymous Coward
    Thumb Down

    Misleading Title

    So it's not actually an iPhone Trojan (that would be newsworthy), but a new way of distributing Windows trojans...

    Way to misrepresent a story - do El Reg actually have any editorial standards left nowadays?

  3. TeeCee Gold badge
    Coat

    Gentlemen, start your engines.

    Let the iMudslinging begin.

    (My money's on Webster for first post here.)

  4. Anonymous Coward
    Dead Vulture

    WTF?

    Are you guys feeling okay? "Apple fans besieged by iPhone Trojan..." and then "The malware has no effect when opened on [the] Jesus Phone".

    So, erm, they're not besieged at all, because the 'trojen' is a harmless piece of binary attachment, which has no more of an attacking effect than any other legit email.

    Come on, El Reg, I know you guys like picking on the iPhone and Apple, but this is really clutching at straws.

  5. Richard Cain
    Dead Vulture

    Misleading Title

    Only in your last sentence do you state that the trojan does NOT affect Macs. This is shoddy Red Top journalism.

  6. adnim

    Confused? Not really

    IPhone trojan?

    "In other Apple-related security news, miscreants have disguised a Windows Trojan as a game for the Apple iPhone..."

    So it's a windows trojan posing as an IPhone game.

    "The malware has no effect when opened on either a Mac or Jesus Phone, as explained in a write-up of the attack of a Sophos security blog"

    That's a somewhat misleading article title.

    I am no lover of the IPhone but the title of the article isn't fair.

  7. Calvin Davidson

    So, let me get this right...

    If I use an iPhone and a Mac, a specially crafted, malicious file can crash quicktime and, er... that's about it?

    I'd better switch to Vista, hadn't I?

  8. James Robertson

    user beware

    Just goes to prove that the biggest security risk to any system, PC or Mac is the user.

  9. Anonymous Coward
    Anonymous Coward

    who

    actually uses quicktime on windows?

    I only have it installed as i don't have a choice, if i want to use my iphone, i have to have itunes installed, and quicktime is part of it.

    I don't actually know if it's any good as a media player, i have purely rejected it based on it's insistance on implementing a mac UI in windows, I'm used to the windows UI, so why make this one application look and act like a mac, which makes it cumbersome* to use.

    *before the flames start, this is the same reason why i don't use the windows media player, it doesn't use the standard windows UI so it's cumbersome to find the options i want.

  10. Anonymous Coward
    Anonymous Coward

    '...creates an opportunity to crash browser applications'

    Safari needs help to crash regularly?

  11. BRAINPLAN
    Jobs Horns

    hahaha

    "mwahahahaha-ha!!!"

    "...umm, oh, you mean this is a public forum!? uhem, sorry folks, don't worry we'll fix this one some time, just keep buying our stuff - by the way, have you seen our new nanos..."

    "phew! that was close..."

  12. Anonymous Coward
    Jobs Halo

    Hilarious news.......

    ... couldn't happen to a better set of users.

  13. Mike Flugennock

    Yawwwwn.

    Well, luckily, I:

    1. Have had "Little Snitch" installed on both my OSX machines since Day 01.

    2. Totally shut off and disabled any bit of iTunes that advertises to me or wishes to connect to the Internet, as I use it solely for listening to music I already own.

    3. Am not so goddamn' st00pid that I'd click on spam which promises "k3wl gam3z" or lurid fotos of Anna Kournikova -- if I ever got them, which is nigh on never owing to my judicious use of SpamAssassin and Thunderbird's email filtering.

    4. Didn't fall for the JesusPhone hype. My plain ol' Samsung clamshell flip-phone works fine for me, thanks.

    Yawwwwn.

    Yer pal, MacOS user since 1985.

  14. Joey
    Alert

    Huh???

    How exactly can 'Apple fans' be 'besiged' by a remote possibility?

  15. Omer Ozen
    Jobs Halo

    <mumble>

    "The malware has no effect when opened on either a Mac or Jesus Phone, as explained in a write-up of the attack of a Sophos security blog "

    So, actually, this is an attack on WINtards then?

  16. Thomas
    Flame

    *Insert flame war here*

    Any chance of a fanboy icon? Perhaps a picture of a geek frothing at the mouth like Cujo.

  17. Webster Phreaky
    Thumb Down

    Dodgy reporting

    "APPLE FANS BESIEGED BY IPHONE TROJAN"

    Misleading title. It's not an iPhone Trojan - it's one targetting Windoze users (as usual). Your headline implies that the trojan affects iPhones, when in fact only the email subject matter is iPhone/Apple related.

    "Apple fans are under attack on multiple fronts."

    'multiple' = 'several' = 'more than two' - you only describe 1 issue which affects Apple software users - not necessarily fans.

    Also, the Trojan exploit isn't just besieging only "Apple fans", unless spammers are getting very clever with targetting their emails nowadays.

    I get trojan-loaded spam about everything from Paris Hilton to Viagra - however, that doesn't make me a fan of either.

    "In other Apple-related security news,"

    No... "In other Windows gets another trojan news".

  18. Anonymous Coward
    Joke

    @ Webster

    OK, admit it, you used the El Reg "feature" of being able to sign up with the same nickname as an existing user (anyone else puzzled by that one?).

    Stop posing as Webster, or if you are going to at least vent some spleen!

  19. Rob
    Jobs Horns

    And so it begins

    'nuff said

  20. Gordon Fecyk
    Alert

    All right, serious question: iTunes on Windows has Services; are priv elevations possible?

    The iPodService.exe (sp?) service runs as LocalSystem and iTunesHelper.exe runs as the user currently logged on. These things probably communicate with each other.

    Can this combination result in a privilege elevation exploit due to this or some other vulnerability? Because this would be a "critical" problem to me, as it could grant admin access to non-admins, and allow all sorts of abuse.

  21. Andy Taylor
    Stop

    If it only affects Windows machines...

    How can Apple Fans be affected? Surely a real fan would be using a Mac.

    Perhaps "Windows using iPhone users" didn't sound quite so sensationalist.

  22. Richard Cain
    Pirate

    @ Mike Flugennock

    Ditto,

    but I pre-date you in your use of a Mac. I started in 1987. It's so long ago that I really do not remember the OS release number - might have been 1.x.x. What I DO remember is that when things went wrong (usually extensions) it was an absolute nightmare to fix. There was no equivalent to the DOS prompt, but once a year crashes v once a month with Windoze it was still a no-brainer.

    For what it's worth I sat opposite a guy on a train during this week who was using a really cute PC and asked him what it was. It turned out to be one of those really cute PCs that use really cute flash drives that you can buy for really cute silly money. It then turned out that he supports Windoze machines all day long, but uses a Mac at home.

    "I got so pissed off with supporting Windows during the day, I just wanted to get home to a system that actually works". I am not making that up.

    C'mon Phreaky, bring it on!

  23. Anonymous Coward
    Happy

    @ Gordon Fecyk

    iTunes uses services on OSX as well, or hadn't that occurred to you?

    Both need to run in a semi-privileged state and so both are in fact susceptible to determined hacking and prodding.

  24. Remy Redert

    @Richard Cain

    In the pre-win2k era, it was more like once a week at a minimum, esp if you hadn't formatted your machine for the last year or so.

    Never did have the 'pleasure' of using Win 3.1(1) because I skipped straight from MSDOS to Win 95, but at least I could leave the DOS machine running for 3 days straight (by accident) and not have it crash, couldn't do that on Win 95 or Win 98. Win 98SE did a fair bit better though.

  25. Matt
    IT Angle

    Enhancements.

    My security recommendations are thus:

    Cover all windows with 1" plate steel, not only do windows let people see inside, but employees can see outside. Bad idea.

    Remove all batteries from laptops and shut down all electricity. A computer that is off is more secure.

    Remove all employees ears, eyes and each individual's larynx. An employee that can hear, see and talk is a potential risk. Consider removing fingertips to avoid Braille use in particularly sensitive areas.

    Sequester all employees in house. interaction with family and friends can be dangerous and must be avoided.

    As a last resort in highly secure areas inside your company it is recommenced that the deceased be used as they are quite adept and keeping their secrets. You local cemetery will have a large supply of these. It is preferred that you use corpses that have been interred for at least 50 years or more.

  26. GF
    Thumb Down

    Terrible Article

    Even though I do not care for Apple Macs, iPhone, etc., this article is absolutely misleading and horrible. It had nothing to do with iPhone attacks. It would have been better to put "SEX" on the title to lure readers to the article ... at least the cold shower would be worth it.

  27. Gordon Fecyk
    Coat

    iPod vs generics needing Services

    "iTunes uses services on OSX as well, or hadn't that occurred to you?"

    I wasn't going to say anything. I figured the Mac fan boys would've figured that out.

    Anyway, somehow I don't see the need for an MP3 music player to have LocalSystem privileges on a PC. Or root privs on a Mac, for that matter. And my mother wonders why I wouldn't buy an iPod for myself.

    Anyone want to trade a generic MP3 player for an overpriced status symbol?

  28. Anonymous Coward
    Stop

    Has anyone read the article?

    As I read the article there is one vuln in iTunes/Quick Time that COULD be used on any browser and a separate wrapping of a different one that attacks windows.

    Not quite what most comments assume.

  29. Jan Hargreaves
    Go

    RE: All right, serious question: iTunes on Windows has Services; are priv elevations possible?

    "By Gordon Fecyk Posted Friday 19th September 2008 15:00 GMT

    The iPodService.exe (sp?) service runs as LocalSystem and iTunesHelper.exe runs as the user currently logged on. These things probably communicate with each other.

    Can this combination result in a privilege elevation exploit due to this or some other vulnerability? Because this would be a "critical" problem to me, as it could grant admin access to non-admins, and allow all sorts of abuse."

    Personally i disable both.

  30. Sam Radford
    Jobs Halo

    MacOS in 1987

    "I pre-date you in your use of a Mac. I started in 1987. It's so long ago that I really do not remember the OS release number"

    It was 6.0.4 when I got my first Mac-Plus in 1987. Ran in just 1MB of RAM.

  31. Jared Earle
    Jobs Halo

    Apple attack?

    The only attacks are from El Reg. Jesus Phone? Still?

    Contemporise, man.

  32. Alan Fisher

    I still say kill all Haxxers, hackers....eejits...etc

    I do, hunt 'em down and boil their nethers in oil...or a sustainable alternative maybe.....but they make our live hell and more expensive (they also lose us irreplaceable items if we are less than IT conversant and all the upset that causes) and they do this for giggles.....we should get sick giggles from them for a change

This topic is closed for new posts.

Other stories you might like