CNET también está disponible en español.

Ir a español

Don't show this again

Cyberpunk 2077 delayed Netflix Assassin's Creed series Stimulus check facts Microsoft Surface Pro X review Avatar 2: Kate Winslet as a 'water person' Microsoft Surface Duo iPhone 12 and 12 Pro review

Apple's iTunes 8.1 plugs malicious podcast security hole

Latest version of iTunes addresses two security issues, including one that could expose usernames and passwords.

Apple on Thursday released iTunes 8.1, which includes a fix for a vulnerability that could lead to theft of usernames and passwords if a podcast containing malware were subscribed to.

The software update addresses a design issue in the iTunes podcast feature that made it possible for a subscription to a malicious podcast to cause an authentication dialog to be displayed that could prompt the user for log-in credentials to the podcast server, Apple's advisory said.

The issue affects Mac OS X v 10.4.10 and later. The issue was reported by Simon Bellwood.

iTunes 8.1 also fixes a vulnerability that could allow maliciously crafted Digital Audio Access Protocol messages to cause a denial of service on computers running Windows XP or Vista. Fortinet's Fortiguard Global Security Research team is credited with discovering this bug.