Blog | G5 Cyber Security

Apple Secures ITunes Update Checking to Address Man-in-the-Middle Vulnerability

Apple’s iTunes 10.5.1 update addresses a weakness in the application’s update mechanism that could be exploited to trick users into visiting malicious websites. The vulnerability stems from older iTunes versions use of plain HTTP requests to query Apple’s servers for updates. Because such connections lack encryption, a network attacker could intercept the requests and respond with rogue update URLs. This particular attack scenario can only take place when iTunes is installed on a Windows system and the Apple Software Update component is not present. Mac users are not affected by the flaw.”]

Source: https://www.csoonline.com/article/2130252/apple-secures-itunes-update-checking-to-address-man-in-the-middle-vulnerability.html

Exit mobile version