
Thread: Apple iTunes flaw 'allowed government spying for 3 years'

  1. #1
    Virus Guy Guest

    Apple iTunes flaw 'allowed government spying for 3 years'

    This probably doesn't surprise anyone. Microsoft Windows probably has
    something similar ever since Vista (Microsoft itself said that some
    crypto-stuff in Vista was co-developed with the NSA). The antitrust
    junk against MS was probably dropped in exchange for a back-door.

    What Apple gets in exchange for this - anyone know?

    =================================

    Apple iTunes flaw 'allowed government spying for 3 years'

    http://www.telegraph.co.uk/technolog...r-3-years.html

    An unpatched security flaw in Apple’s iTunes software allowed
    intelligence agencies and police to hack into users’ computers for more
    than three years, it’s claimed.

    By Christopher Williams, Technology Correspondent

    1:27PM GMT 24 Nov 2011

    A British company called Gamma International marketed hacking software
    to governments that exploited the vulnerability via a bogus update to
    iTunes, Apple's media player, which is installed on more than 250
    million machines worldwide.

    The hacking software, FinFisher, is used to spy on intelligence targets’
    computers. It is known to be used by British agencies and earlier this
    year records were discovered in abandoned offices of that showed it had
    been offered to Egypt’s feared secret police.

    Apple was informed about the relevant flaw in iTunes in 2008, according
    to Brian Krebs, a security writer, but did not patch the software until
    earlier this month, a delay of more than three years.

    “A prominent security researcher warned Apple about this dangerous
    vulnerability in mid-2008, yet the company waited more than 1,200 days
    to fix the flaw,” he said in a blog post.

    "The disclosure raises questions about whether and when Apple knew about
    the Trojan offering, and its timing in choosing to sew up the security
    hole in this ubiquitous software title."

    On average Apple takes just 91 days to fix security flaws after they are
    disclosed, Mr Krebs wrote.

    Francisco Amato, the Argentinian security researcher who warned Apple
    about the problem, suggested that "maybe they forgot about it, or it was
    just on the bottom of their to-do list".

    In response to reports that FinFisher targeted iTunes, Apple has said
    that it works "to find and fix any issues that could compromise
    systems".

    “The security and privacy of our users is extremely important,” a
    spokeswoman said.

    This month's iTunes update 10.5.1 explained that "a man-in-the-middle
    attacker may offer software that appears to originate from Apple",
    adding that the "issue has been mitigated".

    Gamma International has not commented on the matter. Registered in
    Winchester, the firm is one of several companies that sell computer
    hacking services to governments. They offer "zero day" security flaws,
    which have not been publicly disclosed, so attempts to exploit them are
    unlikely to be detected by anti-virus programs.

  2. #2
    Virus Guy Guest

    Re: Apple iTunes flaw 'allowed government spying for 3 years'

    Virus Guy wrote:

    > Apple iTunes flaw 'allowed government spying for 3 years'


    This is why cloud storage is being heavily pushed.

    It's getting too nasty and expensive to keep planting these backdoors and
    trojans inside consumer electronics.

    Better to just have the consumer hand you all their files to make it
    easier to scan them in one place.

    Oh, and that software that you're supposed to run on your pc that uploads
    your files to the cloud ...

    Which makes me think - should I trust AV packages that all they really
    do is just scan my drive for malware? How do we know that some of them
    haven't been co-opted by this or that gov't?

  3. #3
    Aardvark Guest

    Re: Apple iTunes flaw 'allowed government spying for 3 years'

    On Wed, 30 Nov 2011 22:21:55 -0500, Virus Guy wrote:

    > This is why cloud storage is being heavily pushed.


    It should be resisted. It's the idea of a system of centralised data and
    wanting to keep my data to myself that first attracted me to Linux.



    --
    "And thus I clothe my naked villany
    With odd old ends stol'n out of holy writ,
    And seem a saint, when most I play the devil."
    King Richard III (I, iii, 336-338)
