A critical vulnerability has been found in Apple Computer's popular iTunes, which if exploited by crackers could lead to a computer being remotely taken over, according to a warning issued by eEye Digital Security. The flaw has been discovered just days after Apple issued its security update for iTunes 6 for Windows. The flaw, which is present on the earlier version of iTunes 6 for Windows, and was not addressed by the newest security update, enables malevolent attackers to launch arbitrary code remotely, so long as a user clicks on a malicious Web site link or opens a malicious e-mail. Due to the vast popularity of the software, the potential for exploitation is huge.
An Apple representative was not available for comment, but the company has a policy of not discussing or confirming security issues until it has conducted an investigation and issued any needed patches, according a posting on its Web site.
eEye says it does not provide extensive details on security flaws until a vendor has released a patch to resolve the flaw.