Apple fixes iTunes man-in-the-middle security hole

Summary: The vulnerability affects both Mac OS X and Windows users and lets a man-in-the-middle attacker offer harmful software that appears to originate from Apple.

Apple today shipped an iTunes update to fix a serious security hole that could allow man-in-the-middle hacking attacks.

iTunes 10.5.1, available for both Mac and Windows users, addresses a flaw that lets a man-in-the-middle attacker offer harmful software that appears to originate from Apple.

From Apple's advisory:

iTunes periodically checks for software updates using an HTTP request to Apple. This request may cause iTunes to indicate that an update is available. If Apple Software Update for Windows is not installed, clicking the Download iTunes button may open the URL from the HTTP response in the user's default browser. This issue has been mitigated by using a secured connection when checking for available updates. For OS X systems, the user's default browser is not used because Apple Software Update is included with OS X, however this change adds additional defense-in-depth.

iTunes 10.5.1 can be downloaded directly from Apple's web site.
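
The mitigation in the advisory above, sketched as an added example (not Apple's code and not part of the original article): an updater accepts an offer only if the check itself ran over HTTPS and the download URL in the response is HTTPS on an allowlisted host. The JSON response shape, the `vet_update_offer` name and the `example-vendor.test` hosts are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# Assumption: domains the vendor serves installers from (constructed value).
TRUSTED_SUFFIXES = ("example-vendor.test",)


def _host_trusted(host, suffixes=TRUSTED_SUFFIXES):
    """Exact match or true subdomain; a bare suffix test would accept lookalikes."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def vet_update_offer(check_url, response_body):
    """Return (ok, reason) for an update offer fetched from check_url."""
    # If the check ran over plain HTTP, every field in the response could
    # have been written by someone on the network path, so reject outright.
    if urlsplit(check_url).scheme != "https":
        return False, "update check not made over https"
    try:
        offer = json.loads(response_body)
    except ValueError:
        return False, "malformed update response"
    url = offer.get("url") if isinstance(offer, dict) else None
    if not isinstance(url, str):
        return False, "malformed update response"
    try:
        target = urlsplit(url)
    except ValueError:
        return False, "malformed update response"
    # Defense in depth: even on a secured check, only hand the browser
    # an HTTPS link that points at the vendor's own hosts.
    if target.scheme != "https":
        return False, "download url is not https"
    if target.username or target.password:
        return False, "download url carries userinfo"
    if not _host_trusted(target.hostname):
        return False, "download host not on allowlist"
    return True, "ok"


# Constructed sample inputs, not captured traffic.
CHECK_HTTPS = "https://updates.example-vendor.test/check"
CHECK_HTTP = "http://updates.example-vendor.test/check"
GOOD = '{"version": "10.5.1", "url": "https://downloads.example-vendor.test/setup.exe"}'
TAMPERED = '{"version": "10.5.1", "url": "http://mirror.invalid/setup.exe"}'

if __name__ == "__main__":
    for check, body in [(CHECK_HTTPS, GOOD), (CHECK_HTTP, GOOD), (CHECK_HTTPS, TAMPERED)]:
        print(check, "->", vet_update_offer(check, body))
```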

Topics: Operating Systems, Apple, Security, Software

Talkback

10 comments
  • RE: Apple fixes iTunes man-in-the-middle security hole

    I see Charlie Miller is still attacking Apple. I wonder if Ballmer is paying him more these days? This attack is from Miller, just like his attack on iOS, and was created using an Apple SDK, rather than just finding some random flaw, like 99.98937% of Windows flaws and vulnerabilities ;) :P
    Rick_Kl
    • RE: Apple fixes iTunes man-in-the-middle security hole

      @Rick_Kl Wait what? Did you read the same article that I just did? Color me confused.

      Good thing this got fixed.
      Dodgson1832
      • RE: Apple fixes iTunes man-in-the-middle security hole

        @Dodgson1832 There is evidence that Charlie Miller is behind this attack on iTunes. Charlie Miller is a glory-seeking terrorist in the tech world, and has singled out Apple as his target of choice. Every time there was a security issue with Windows, Miller would claim one with Apple, even if it was not true. Even if he had to fabricate the facts to meet his demented view. He was recently removed as an iOS developer when he inserted an attack vector in the iOS app store.
        Rick_Kl
      • RE: Apple fixes iTunes man-in-the-middle security hole

        @Dodgson1832 I know who Charlie Miller is. Considering that his work has made Apple products considerably safer, I think that it is great that he keeps finding security holes. When security researchers discover security holes, it is not normally considered an attack.
        Dodgson1832
      • RE: Apple fixes iTunes man-in-the-middle security hole

        @Dodgson1832 When a so-called researcher indicates that he would like to put out a lit cigarette in the user's eye, that is the sign of a terrorist. Now add to that the so-called problem required third-party drivers to be installed. This supposedly Apple security flaw also worked on all versions of Windows, yet Miller chose to single out Apple. Miller is not a researcher, but a narcissistic terrorist.
        Rick_Kl
      • RE: Apple fixes iTunes man-in-the-middle security hole

        @Rick_Kl
        I seriously doubt Charlie Miller is out to break the law. Cut the crap.
        ScorpioBlue
    • RE: Apple fixes iTunes man-in-the-middle security hole

      @Rick_Kl

      This has nothing to do with Windows.

      Why is it that you have to attack an opposing product when your precious Apple has a flaw? Why is it so bad that he pointed it out? Would you rather all flaws get unreported, just for image?
      Michael Alan Goff
      • RE: Apple fixes iTunes man-in-the-middle security hole

        @Michael Alan Goff It is clear who is behind many of the recent attacks on Apple products.
        Rick_Kl
      • RE: Apple fixes iTunes man-in-the-middle security hole

        You didn't really respond to my post.

        Why does it matter? Flaws are getting fixed, users are more secure than before. This isn't a bad thing. Patches are not a bad thing.
        Michael Alan Goff
  • RE: Apple fixes iTunes man-in-the-middle security hole

    Between this and the new iPhone update, Apple is rolling out lots of new improvements to its existing products this week. Good to see the company is constantly working to improve its products and services. http://www.mosaictec.com
    MosaicTechnology