Apple Takes Three Years to Fix Security Flaw in iTunes

A dangerous security flaw in iTunes, which was used by many governments to spy on people all over the world, was patched by Apple three years after it was reported.

According to an article in The Telegraph, the flaw was first reported by an Argentinian security researcher named Francisco Amato.

The flaw allows anyone to send a bogus iTunes update to targeted users and install malware on the system, which is then used to monitor the PC.

A UK-based company called Gamma Technologies has been selling software named FinFisher to governments and law enforcement agencies around the world, allowing them to leverage the flaw to monitor PC systems belonging to their targets.

The UK government already uses the software and there is evidence that it was also offered to Egypt's secret police.

"A prominent security researcher warned Apple about this dangerous vulnerability in mid-2008, yet the company waited more than 1,200 days to fix the flaw," commented security writer Brian Krebs in a blog post.

"The disclosure raises questions about whether and when Apple knew about the Trojan offering, and its timing in choosing to sew up the security hole in this ubiquitous software title," he added.