Slashdot Mirror


iTunes Flaw Allowed Spying On Dissidents

Hugh Pickens writes "Democracy and free speech activists worldwide have something new to worry about — cyberwarfare via iTunes. The Telegraph reports that Gamma International sells computer hacking services to governments, offering 'zero day' security flaws that allow access to target computers 'with the ability to take control of the target systems functions to the point of capturing encrypted data and communications.' FinFisher spyware, known to be used by British agencies and offered to Egypt's feared secret police, takes advantage of an unencrypted HTTP request that is filed by iTunes when Apple Software Updater is inactive. It redirects users' web browsers to a customized web page that pretends Flash is not installed on the user's computer, then installs a sophisticated piece of spyware that sends info on a user's activities directly to foreign intelligence services. The latest iTunes software update, 10.5.1, released on November 14, appears to have fixed the exploit FinFisher used. A prominent security researcher warned Apple about this dangerous vulnerability in mid-2008, yet Apple 'waited more than 1,200 days to fix the flaw,' writes security researcher Brian Krebs."
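
An added example, not part of the original story or of any vendor's code: one way a defender could look for the pattern the summary describes in web proxy logs, namely an update check sent over plain HTTP and, worse, one answered with a redirect to a different host. The log format, the hostnames and the `UPDATE_HOSTS` list are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed proxy log lines (not real traffic):
# client  method  url  status  Location-header ("-" if none)
SAMPLE_LOG = """\
10.0.0.5 GET http://updates.example.com/check?v=10.5 200 -
10.0.0.7 GET http://updates.example.com/check?v=10.5 302 http://flash-install.example.net/get
10.0.0.8 GET https://updates.example.com/check?v=10.5 200 -
10.0.0.9 GET http://updates.example.com/check?v=10.4 301 https://updates.example.com/check?v=10.4
10.0.0.9 GET http://news.example.org/ 302 http://cdn.example.org/
"""

# Assumption: hosts that software updaters on your network contact.
UPDATE_HOSTS = {"updates.example.com"}


def classify(line, update_hosts=UPDATE_HOSTS):
    """Return (severity, reason) for one log line, or None if nothing to flag."""
    client, _method, url, status, location = line.split()
    req = urlsplit(url)
    if req.hostname not in update_hosts:
        return None  # not an update check we track
    if req.scheme == "https":
        return None  # response is authenticated by TLS
    # Plaintext update check: anyone on the network path can rewrite the reply.
    if status.startswith("3") and location != "-":
        target = urlsplit(location)
        if target.hostname != req.hostname:
            return ("high",
                    f"{client}: plaintext update check redirected to {target.hostname}")
    return ("medium", f"{client}: update check sent over plaintext HTTP")


def scan(log_text):
    """Classify every non-empty line and return the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        if line.strip():
            result = classify(line)
            if result:
                findings.append(result)
    return findings


if __name__ == "__main__":
    for severity, reason in scan(SAMPLE_LOG):
        print(f"[{severity}] {reason}")
```

A same-host redirect to HTTPS is still reported as medium because the first request left the machine unencrypted and could have been answered by someone else.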

8 of 82 comments

  1. Conspiracy! by ryanmcdonough · · Score: 5, Funny

    An amazing way to exploit software that is ubiquitous on many computers. Let's start the conspiracy now that Apple are told by governments not to fix a bug until they find a better 0Day to exploit.

    1. Re:Conspiracy! by Chrisq · · Score: 5, Funny

      An amazing way to exploit software that is ubiquitous on many computers. Let's start the conspiracy now that Apple are told by governments not to fix a bug until they find a better 0Day to exploit.

      You are obviously a government shill who has posed this as a "Let's start a conspiracy" to throw people off the fact that this is exactly what happened.

    2. Re:Conspiracy! by Yvan256 · · Score: 4, Funny

      In America
      You write haiku, in Russia
      The Haiku writes YOU

  2. Re:Liability by betterunixthanunix · · Score: 4, Insightful

    There's really only one solution: hold software makers liable for security vulnerabilities

    ...and thus kill the free software movement.

    The real answer is that dissidents need to start being more paranoid and more technically literate. A system that is used for personal entertainment should be kept physically separated from a system that is used to communicate with fellow dissidents.

    --
    Palm trees and 8
  3. Proof by Yvan256 · · Score: 4, Funny

    Yet another proof that Flash is dangerous! /duck

  4. OpenOffice has the same vulnerability by WD · · Score: 5, Informative

    And they haven't done anything about it for years, either.
    http://blogs.oracle.com/malte/entry/evilgrade_and_openoffice_org

  5. Re:That's funny... by CharlyFoxtrot · · Score: 5, Insightful

    I love how people here are focussing on iTunes and not the fact that British agencies are supplying the Egyptian secret police with software to nab dissidents. Seriously, WTF ?

    --
    If all else fails, immortality can always be assured by spectacular error.
  6. 1,200 days? by alexo · · Score: 4, Funny

    Apple 'waited more than 1,200 days to fix the flaw'

    It's even worse than that
    They waited more than a HUNDRED MILLION seconds.

    I guess "more than three years" does not cut it anymore.