Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: iTunes update

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Apple
And, this specific program:
Apple iTunes 8.x

This thread has been marked as locked.
onedeafeye iTunes update
Member 11th Jun, 2009 07:35
Ranking: 2
Posts: 24
User Since: 11th Jun, 2009
System Score: N/A
Location: N/A
I have iTunes 8.0.2.20 installed on my computer for the sole purpose of loading my iPod. It's not my default player - I use WMP with a codec pack for that - and iTunes never connects to the internet. My iPod is used solely to play music (no video, no calendar, no clock, no contacts, etc.) and I don't want to put more unwanted stuff on my iPod to just take up space.This version of iTunes is my one unsafe program, but given the use, is it necessary to update it?

Maurice Joyce RE: iTunes update
Handling Contributor 11th Jun, 2009 16:43
Score: 11580
Posts: 8,899
User Since: 4th Jan 2009
System Score: N/A
Location: UK
I think U are using the most up to date version - check this link
http://www.filehippo.com/download_itunes_32/

What is the path to the insecurity found?

The great feature of Secunia is that it does not offer an auto fix rather the user makes a balanced judgement against the facts presented.

If U are absolutely sure that the file PSI has found cannot be exploited by the way U use it then U can create an Ignore Rule via the Toolbox. I personally would update it but it is very much a users choice.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
onedeafeye RE: iTunes update
Member 12th Jun, 2009 06:42
Score: 2
Posts: 24
User Since: 11th Jun 2009
System Score: N/A
Location: N/A
It appears I have two versions of iTunes, according to FileHippo. The path to the version that Secunia says is unsafe is c:\Program Files (x86)\iTunes\iTunes.exe, and FH says I also have iTunes in 64-bit which has an update available to iTunes 8.2.0. Both have the same path, but FH says the 32-bit version is up to date, whereas the 64-bit version is not.
I'm not sure if the file can be exploited or not, and that's why I'm asking, given the way it's used.
Was this reply relevant?
+0
-0
Maurice Joyce RE: iTunes update
Handling Contributor 12th Jun, 2009 09:54
Score: 11580
Posts: 8,899
User Since: 4th Jan 2009
System Score: N/A
Location: UK
I am a bit confused. The link I gave U took U to the download link for ITunes 32 bit which I assume your PC is for U to check your installed ITune matched that.

There is indeed another link to 64 bit - U must not install that if U are using a 32 bit system.

What is the path to the insecurity PSI has found?
To locate the exact file that the Secunia PSI has detected, please follow there guidelines using the
ADVANCED interface:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
* Click on the + sign of the programme to “expand’ it.
* Click on Technical Details in the Toolbox to see the installation path of the detected file.


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
onedeafeye RE: iTunes update
Member 13th Jun, 2009 09:20
Score: 2
Posts: 24
User Since: 11th Jun 2009
System Score: N/A
Location: N/A
I guess I should have been more specific...I have Vista Home Premium 64-bit. The FileHippo I referred to is the FileHippo Update Checker.
The path to the PSI insecurity for iTunes is exactly as I stated - I highlighted it in PSI and dragged it into the message (I use Firefox). I got the path from the location you noted.
But the question I wanted answered is still hanging. Is my version of iTunes unsafe, given the stated restrictions and usage?
Was this reply relevant?
+0
-0
onedeafeye RE: iTunes update
Member 25th Jun, 2009 04:51
Score: 2
Posts: 24
User Since: 11th Jun 2009
System Score: N/A
Location: N/A
It's been awhile since I posted on this, and I forgot about it, but I see I got no final response. Anybody care to answer this post?
Was this reply relevant?
+0
-0
Anthony Wells RE: iTunes update
Expert Contributor 25th Jun, 2009 12:25
Score: 2425
Posts: 3,315
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
on 11th Jun, 2009 16:43, Maurice Joyce wrote:
I think U are using the most up to date version - check this link
http://www.filehippo.com/download_itunes_32/

What is the path to the insecurity found?

The great feature of Secunia is that it does not offer an auto fix rather the user makes a balanced judgement against the facts presented.

If U are absolutely sure that the file PSI has found cannot be exploited by the way U use it then U can create an Ignore Rule via the Toolbox. I personally would update it but it is very much a users choice.


Not wishing to be clever , but I think Maurice already gave you the answer (above) . Why take any risk by not updating ??


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability