1/18/2005

ITunes exploit code hits the web

Filed under: — Aviran Mordo

Code that allows hackers to exploit a vulnerability in Apple’s iTunes software has appeared over the weekend.

The code was posted on the Bugtraq mailing list by someone known only as ‘Nemo’, and acknowledges the help of three friends ‘andrewg’, ‘mercy’ and ‘core’. The code is designed purely as a proof of concept and contains no virus or Trojan payload.

“Here is some code to exploit the vulnerability. It will generate a *.pls file which, when opened with iTunes 4.7, will bind a shell on port 4444,” said ‘Nemo’ in the message.

Early versions of iTunes are vulnerable to hackers who can build malicious playlist files which crash the application. Code can then be inserted, either to spread a virus or allow the attacker to take control of the host PC.

The latest version, iTunes 4.7.1, is not affected by the vulnerability and can be downloaded from Apple’s website here.

Source: PCW

Sony warns against installing PSP update

Filed under: — Aviran Mordo

Sony Computer Entertainment Inc. has cautioned users of its recently-launched PlayStation Portable (PSP) against installing a software file currently available on some enthusiast Web sites. The file at first glance appears to add several new features to the handheld gaming device when installed but the result is quite different.

“We have become aware that there is a software program going around on some Web sites and Internet bulletin boards claiming to be an update file that rewrites the system software of the PSP hardware,” said Nanako Kato [cq], a spokeswoman for SCEI in Tokyo. “This software has not been issued officially by SCEI and does not function properly. We advise our users not to execute or apply the program as it will cause the PSP hardware to stop operating.”

The file appeared last week and was obtained from a Sony server, according to enthusiast Web sites that first reported its existence. Screenshots of the file installation process show it promises to add functions such as an e-mail client, Web browser, voice chat, a calculator, text to speech reading, a word processor and/or spreadsheet, scheduler and the ability to work with the SonicStage digital music software.

Kato confirmed the file was created by SCEI engineers and was produced for developers but said it contains dummy data. “It is not supposed to be used at this time,” she said.

Users who have applied the file can get their PSP repaired by returning it to SCEI. However, the company will charge for the repair service.

Source: IT Worls

Intel to Unveil Centrino Update

Filed under: — Aviran Mordo

Intel Corp. will launch a major upgrade of its popular Centrino technology for notebook computers Wednesday, as the world’s largest chipmaker seeks to expand the product’s audience from business users to consumers.

The new chips, code-named Sonoma, are expected to enable more consumer-friendly systems that better support video, audio and games. When Centrino was first launched, it was targeted primarily at business users.

The new version is expected to increase the top clock speed of the Pentium M, the microprocessor component of Centrino, as well as make memory improvements.

The company said the new integrated graphics chip should have no problem handling 3D games, DVDs or even high-definition video.

The chip also will support high-quality audio such as Dolby Digital and 7.1 surround sound. And its radio component has been upgraded to support a standard is less susceptible to interference from electronic devices such as portable phones and microwave ovens.

Source: AP

Powered by WordPress