Russian iTunes Store shows porn images by mistake
Users accessing Apple's iTunes Store in Russia have been getting porn images when searching for films to rent.
Movies without images have been linking to xxx.xxx web address.
The intention might have been to link to a placeholder, said one IT expert, but addresses ending in .xxx are real websites with explicit content.
Apple rolled out the service in Russia on Tuesday, along with another 55 countries; the firm had no comment when approached by the BBC.
Although users were seeing pornographic images, they were not able to actually buy or rent these films, said Top F Secure IT researcher Mikko Hypponen.
"If someone actually clicks on such a movie and buys it, they won't get a porn movie - they will get what was supposed to be there, a real film, but the image was just wrong," he said.
"It's like when you go to a real-world video rentals store and all the DVDs are there but the covers for some of them are wrong.
"It's accidental - as I understand the situation, as they were adding content, they were a bit rushed and didn't have images for every single movie cover.
"So for those images that they didn't have yet, they had to enter a web address - a URL - of where the image was supposed to come from, but there was no URL to put in yet - so they just put xxx.xxx thinking that they will put in a real address later."
He said the mistake was easy to fix - Apple simply had to link movies with a missing image to Apple's front page, for example.
Graham Cluley from IT security firm Sophos called it "a serious blunder by Apple".
"The last thing you want to happen if you're downloading Kung Fu Panda for your kids is find out that you're looking at hardcore porn instead," he said.
"It's sloppy of Apple not to have tested their software thoroughly and properly before rolling it out to the masses, but it could have been much worse.
"If the webpages had contained malicious code, for instance, then it might have been possible for unsuspecting users to click on dangerous links or have had their computers infected by malware.
"As it is, it's more likely to be a case of them having to wipe the unpleasant images of what they saw from their memory than wipe a Trojan off their hard drive."
Web addresses ending in .xxx went on sale in 2011 following years of wrangling over whether a specific adult content address was needed.
ICM Registry was finally awarded the right to administrate the new domain. It put .xxx on a par with more conventional web addresses such as .com and .org.