Hackers about hacking techniques in our IT Security Magazine

HTTP query request vulnerability in iTunes Apple Software Updater

A German company called Gamme International has reported that remote monitoring software designed to exploit a vulnerability in Apple iTunes can indeed infect a PC system. FinFisher spyware software uses a vulnerability in the iTunes update system to install itself on the target PC system. The exploit relies on the fact that Apple Software Updater isn’t active, as iTunes uses an encrypted HTTP request to query for the URL for the latest version of the iTunes software from the Apple server. The HTTP query isn’t encrypted so the URL can indeed be modified and take the target PC to a modified web page to install the remote monitoring software.

November 27, 2011

0 Responses on HTTP query request vulnerability in iTunes Apple Software Updater"

Leave a Message

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>