iTunes Flaw Allowed Spying On Dissidents

November 25th, 2011 - 10:10 am ET by Hardon
<http://apple.slashdot.org/story/11/...idents>

<quote>
"Democracy and free speech activists worldwide have something new to
worry about — cyberwarfare via iTunes. The Telegraph reports that
Gamma International sells computer hacking services to governments,
offering 'zero day' security flaws that allow access to target
computers 'with the ability to take control of the target systems
functions to the point of capturing encrypted data and
communications.' FinFisher spyware, known to be used by British
agencies and offered to Egypt's feared secret police, takes advantage
of an unencrypted HTTP request that is filed by iTunes when Apple
Software Updater is inactive. It redirects users' web browsers to a
customized web page that pretends Flash is not installed on the user's
computer, then installs a sophisticated piece of spyware that sends
info on a user's activities directly to foreign intelligence
services. The latest iTunes software update, 10.5.1, released on
November 14, appears to have fixed the exploit FinFisher used. A
prominent security researcher warned Apple about this dangerous
vulnerability in mid-2008, yet Apple 'waited more than 1,200 days to
fix the flaw,' writes security researcher Brian Krebs."
</quote>

Replies

#1 RonB
November 25th, 2011 - 01:51 pm ET
On Fri, 25 Nov 2011 15:10:58 +0000, Hardon wrote:

<http://apple.slashdot.org/story/11/...w-allowed-spying-on-dissidents>

<quote>
"Democracy and free speech activists worldwide have something new to
worry about — cyberwarfare via iTunes. The Telegraph reports that Gamma
International sells computer hacking services to governments, offering
'zero day' security flaws that allow access to target computers 'with
the ability to take control of the target systems functions to the point
of capturing encrypted data and communications.' FinFisher spyware,
known to be used by British agencies and offered to Egypt's feared
secret police, takes advantage of an unencrypted HTTP request that is
filed by iTunes when Apple Software Updater is inactive. It redirects
users' web browsers to a customized web page that pretends Flash is not
installed on the user's computer, then installs a sophisticated piece of
spyware that sends info on a user's activities directly to foreign
intelligence services. The latest iTunes software update, 10.5.1,
released on November 14, appears to have fixed the exploit FinFisher
used. A prominent security researcher warned Apple about this dangerous
vulnerability in mid-2008, yet Apple 'waited more than 1,200 days to fix
the flaw,' writes security researcher Brian Krebs."
</quote>

Sounds like the back doors in Windows that are constantly being
"discovered" by hackers. Oh, did I say "back doors?" What I meant to say
was "vulnerabilities" or "exploits." And, if you believe that, I've got a
bridge in Brooklyn...

So I wonder how long before FinFisher spyware is using a new "exploit"
in iTunes?

RonB
Registered Linux User #498581
CentOS 5.7 or VectorLinux Deluxe 6.0
or Linux Mint 10
