Now I probably wouldn't mention this one under normal circumstances, but it seems pretty epic to me. There are a handful of exploits here that can run arbitrary code as the current user. A handful all around a theme, if you ask me: loading images and XML. Guess what you might be using to listen to or download this podcast? Yeah, iTunes, which has loaded images and XML provided by us. Oh, and MitM attacks against the built-in WebKit that can trigger memory errors while browsing the iTunes Store. I wonder if it carries over to other WebKit-enabled browsers...
Further, many people may think this is an unlikely attack surface. The idea is that you would have to get the attack onto the iTunes website. This is not necessarily true in all situations. For example, from the Metasploit de-cloak engine you can invoke iTunes. It could be very possible to leverage these attacks via an XSS attack to launch iTunes and compromise the target system, simply because the victim thought they were going to listen to a new Justin Bieber song.
Also, look very closely at the affected platforms. It impacts both Windows and OS X systems. Watch this very closely, folks. This is the future. It is no longer an issue of whether one OS is more secure than another. Applications like iTunes, Java and Flash are becoming ubiquitous across all platforms. On one hand it is nice that we have interoperability; however, this reduction to an application-level monoculture will have consequences.
Originally discussed during episode 233.