Apple iTunes Software Update Spoofing Weakness

[DiabloBlack]

For those who use Apple's iTunes.

Secunia Advisory SA46848

Apple iTunes security update from 10.5.0.x to 10.5.1.

Description:

A weakness has been reported in Apple iTunes, which can be exploited by malicious people to conduct spoofing attacks.

The weakness is caused due the software update mechanism using an HTTP request to check for new updates. This can be exploited to e.g. spoof an update via Man-in-the-Middle (MitM) attacks.

Successful exploitation requires that Apple Software Update is not installed.

The weakness is reported in versions prior to 10.5.1.

Secunia Details

Apple iTunes

 

[AyeAyeCaptain]

Thanks for the link/info Diablo and I'm sure you like me have to come to find Secunia is a very useful addition for any user.

 

[DiabloBlack]

You're welcome. Secunia PSI should be a standard for any OS install, just sayin

 

[AyeAyeCaptain]

Rep +

Totally agree there, while it's not the answer/solution to becoming infected through insecure programs etc, it certainly is an added layer to reduce the risk. Besides, Itunes is bundled with the biggest security threat anyway, Quicktime surely?!!