26294256 story iTunes Flaw Allowed Spying On Dissidents 82 Posted by Soulskill on Friday November 25, 2011 @09:53AM from the but-only-from-a-macbook dept. Hugh Pickens writes writes "Democracy and free speech activists worldwide have something new to worry about — cyberwarfare via iTunes. The Telegraph reports that Gamma International sells computer hacking services to governments, offering 'zero day' security flaws that allow access to target computers 'with the ability to take control of the target systems functions to the point of capturing encrypted data and communications.' FinFisher spyware, known to be used by British agencies and offered to Egypt's feared secret police, takes advantage of an unencrypted HTTP request that is filed by iTunes when Apple Software Updater is inactive. It redirects users' web browsers to a customized web page that pretends Flash is not installed on the user's computer, then installs a sophisticated piece of spyware that sends info on a user's activities directly to foreign intelligence services. The latest iTunes software update, 10.5.1, released on November 14, appears to have fixed the exploit FinFisher used. A prominent security researcher warned Apple about this dangerous vulnerability in mid-2008, yet Apple 'waited more than 1,200 days to fix the flaw,' writes security researcher Brian Krebs."