Basically, when iTunes launched on Windows (prior to the 10.5.1 update), it would send an unencrypted HTTP request. If you controlled someone's network upstream of their computer, you could intercept this request and proffer an "update" that was actually malware, which could give the government all sorts of information that you might rather they didn't get, including the ability to listen to Skype conversations before they are encrypted.
Just the thing if you're living in an Arab Spring country.
The sad thing is that Apple was informed of this flaw in 2008. They fixed it last week.
It only affected Windows users of iTunes (and probably, by extension, Safari), as the Mac OS X updater is a more secure subsystem.
http://www.h-online.com/security/news/item/iTunes-security-vulnerability-had-been-present-for-over-three-years-1384718.html
http://apple.slashdot.org/story/11/11/25/1343201/itunes-flaw-allowed-spying-on-dissidents