Apple fans besieged by iPhone Trojan and iTunes attack Apple fans are under attack on multiple fronts. Security researchers have discovered an unpatched vulnerability in Apple's iTunes and QuickTime software that creates an opportunity to crash browser applications. The flaw might also open up a route to inject hostile code onto vulnerable systems, though this remains unproven. …
Are you guys feeling okay? "Apple fans besieged by iPhone Trojan..." and then "The malware has no effect when opened on [the] Jesus Phone".
So, erm, they're not besieged at all, because the 'trojen' is a harmless piece of binary attachment, which has no more of an attacking effect than any other legit email.
Come on, El Reg, I know you guys like picking on the iPhone and Apple, but this is really clutching at straws.
IPhone trojan?
"In other Apple-related security news, miscreants have disguised a Windows Trojan as a game for the Apple iPhone..."
So it's a windows trojan posing as an IPhone game.
"The malware has no effect when opened on either a Mac or Jesus Phone, as explained in a write-up of the attack of a Sophos security blog"
That's a somewhat misleading article title.
I am no lover of the IPhone but the title of the article isn't fair.
actually uses quicktime on windows?
I only have it installed as i don't have a choice, if i want to use my iphone, i have to have itunes installed, and quicktime is part of it.
I don't actually know if it's any good as a media player, i have purely rejected it based on it's insistance on implementing a mac UI in windows, I'm used to the windows UI, so why make this one application look and act like a mac, which makes it cumbersome* to use.
*before the flames start, this is the same reason why i don't use the windows media player, it doesn't use the standard windows UI so it's cumbersome to find the options i want.
Well, luckily, I:
1. Have had "Little Snitch" installed on both my OSX machines since Day 01.
2. Totally shut off and disabled any bit of iTunes that advertises to me or wishes to connect to the Internet, as I use it solely for listening to music I already own.
3. Am not so goddamn' st00pid that I'd click on spam which promises "k3wl gam3z" or lurid fotos of Anna Kournikova -- if I ever got them, which is nigh on never owing to my judicious use of SpamAssassin and Thunderbird's email filtering.
4. Didn't fall for the JesusPhone hype. My plain ol' Samsung clamshell flip-phone works fine for me, thanks.
Yawwwwn.
Yer pal, MacOS user since 1985.
"APPLE FANS BESIEGED BY IPHONE TROJAN"
Misleading title. It's not an iPhone Trojan - it's one targetting Windoze users (as usual). Your headline implies that the trojan affects iPhones, when in fact only the email subject matter is iPhone/Apple related.
"Apple fans are under attack on multiple fronts."
'multiple' = 'several' = 'more than two' - you only describe 1 issue which affects Apple software users - not necessarily fans.
Also, the Trojan exploit isn't just besieging only "Apple fans", unless spammers are getting very clever with targetting their emails nowadays.
I get trojan-loaded spam about everything from Paris Hilton to Viagra - however, that doesn't make me a fan of either.
"In other Apple-related security news,"
No... "In other Windows gets another trojan news".
The iPodService.exe (sp?) service runs as LocalSystem and iTunesHelper.exe runs as the user currently logged on. These things probably communicate with each other.
Can this combination result in a privilege elevation exploit due to this or some other vulnerability? Because this would be a "critical" problem to me, as it could grant admin access to non-admins, and allow all sorts of abuse.
Ditto,
but I pre-date you in your use of a Mac. I started in 1987. It's so long ago that I really do not remember the OS release number - might have been 1.x.x. What I DO remember is that when things went wrong (usually extensions) it was an absolute nightmare to fix. There was no equivalent to the DOS prompt, but once a year crashes v once a month with Windoze it was still a no-brainer.
For what it's worth I sat opposite a guy on a train during this week who was using a really cute PC and asked him what it was. It turned out to be one of those really cute PCs that use really cute flash drives that you can buy for really cute silly money. It then turned out that he supports Windoze machines all day long, but uses a Mac at home.
"I got so pissed off with supporting Windows during the day, I just wanted to get home to a system that actually works". I am not making that up.
C'mon Phreaky, bring it on!
In the pre-win2k era, it was more like once a week at a minimum, esp if you hadn't formatted your machine for the last year or so.
Never did have the 'pleasure' of using Win 3.1(1) because I skipped straight from MSDOS to Win 95, but at least I could leave the DOS machine running for 3 days straight (by accident) and not have it crash, couldn't do that on Win 95 or Win 98. Win 98SE did a fair bit better though.
My security recommendations are thus:
Cover all windows with 1" plate steel, not only do windows let people see inside, but employees can see outside. Bad idea.
Remove all batteries from laptops and shut down all electricity. A computer that is off is more secure.
Remove all employees ears, eyes and each individual's larynx. An employee that can hear, see and talk is a potential risk. Consider removing fingertips to avoid Braille use in particularly sensitive areas.
Sequester all employees in house. interaction with family and friends can be dangerous and must be avoided.
As a last resort in highly secure areas inside your company it is recommenced that the deceased be used as they are quite adept and keeping their secrets. You local cemetery will have a large supply of these. It is preferred that you use corpses that have been interred for at least 50 years or more.
Even though I do not care for Apple Macs, iPhone, etc., this article is absolutely misleading and horrible. It had nothing to do with iPhone attacks. It would have been better to put "SEX" on the title to lure readers to the article ... at least the cold shower would be worth it.
"iTunes uses services on OSX as well, or hadn't that occurred to you?"
I wasn't going to say anything. I figured the Mac fan boys would've figured that out.
Anyway, somehow I don't see the need for an MP3 music player to have LocalSystem privileges on a PC. Or root privs on a Mac, for that matter. And my mother wonders why I wouldn't buy an iPod for myself.
Anyone want to trade a generic MP3 player for an overpriced status symbol?
"By Gordon Fecyk Posted Friday 19th September 2008 15:00 GMT
The iPodService.exe (sp?) service runs as LocalSystem and iTunesHelper.exe runs as the user currently logged on. These things probably communicate with each other.
Can this combination result in a privilege elevation exploit due to this or some other vulnerability? Because this would be a "critical" problem to me, as it could grant admin access to non-admins, and allow all sorts of abuse."
Personally i disable both.
I do, hunt 'em down and boil their nethers in oil...or a sustainable alternative maybe.....but they make our live hell and more expensive (they also lose us irreplaceable items if we are less than IT conversant and all the upset that causes) and they do this for giggles.....we should get sick giggles from them for a change
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
