announced a security flaw has been found in the latest version of iTunes 6.0.1 and 6.0.2, as well as QuickTime 7.0.3
and 7.0.4 that affects both Mac OS X and Windows. The flaw could allow an attacker to run code as the currently logged
in user, which is typically worse news for Windows users, but is still not something Mac user should take lightly.
While Apple is working on a patch, I thought this sentence from a PC Pro article was somewhat interesting: "[Apple] will have around two months to issue a suitable fix before it comes under pressure, as the flaw is only at the initial report stage of the process." I wonder what exactly that means - is there some kind of industry consensus that has to be met? Or do they just mean that most people who exploit flaws like this don't use RSS readers and won't find out about the flaw for a month or two? Hopefully, we won't have to find out.