I have some difficulty understanding this:
Quote:
Originally posted by Nomad
The Trojan horse's code is encapsulated in the ID3 tag of an MP3 (digital music) file. This code is in reality a hidden application that can run on any Macintosh computer running Mac OS X. Mac OS X displays the icon of the MP3 file, with an .mp3 extension, rather than showing the file as an application, leading users to believe that they can double-click the file to listen to it. But double clicking the file launches the hidden code, which can damage or delete files on computers running Mac OS X, then [launches] iTunes to play the music contained in the file, to make users think that it is really an MP3 file.
|
So the trojan is in the ID3 tag. That means it must be in the MP3 file.
Then it's logically displayed as an MP3 file, which in the above text is thought as deceiving.
Double clicking on it launches the code.... So you mean it's an application? So it's not actually an MP3 file? Then MacOS just assumes it is?
Then the trojan launches iTunes? So it is an MP3 file?
Ok, you got me: what is it?
My conclusion: The exploit is in the way MP3 files are handled (in iTunes?). It is an MP3 file, but some info in there exploits the security hole (in iTunes?). And think I'm correct in assuming that iTunes is launched, the MP3 is played, and
then the malicious code is executed.
It's all the same difference, the file is Bad, and the security leak should be patched. But I hardly see it as an Mac OS X problem, as it most certainly lies within the iTunes application.
Note: I've never used Mac OS X