Patched Security Flaw In Mac OS, iOS Unpatched in iTunes for Windows

| News

Apple released updates to Mavericks and iOS that addressed a security flaw in SSL, but iTunes for Windows is still vulnerable, according to a report from iPhone in Canada. The flaw leaves Windows iTunes users vulnerable to a man-in-the-middle attack that could result in someone getting your iTunes login.

One bug squished, one bug survived.

Unfortunately this is just a case of history repeating itself. When this flaw was discovered the update was released immediately on Mac OS, but three weeks later on iOS, drawing criticism from a former employee for the delay. Unfortunately, that delay for Windows users is approaching two months now, which also seems suboptimal.

To protect against the man in the middle attack that exploits this security flaw, don’t do anything in iTunes for Windows that involves your password (buying music/apps, activating a device), and don’t connect that machine to public wifi networks.

Comments

ibuck

is it just me, or does Apple have too many Chiefs and not enough Native Americans? Lots of VPs but not enough engineers to resolve issues like this in a timely manner? Jobs wanted to keep the company lean, like a startup. Yet there don’t seem to be enough engineers, designers, etc to get updated versions of existing products out the shipping door. If all their staff are working on new products (e.g., iWatch, iPhone 6, streaming,  etc), then they need to hire more people to update Apple TV, iTunes, Mail, Mac Mini, iPads, and so on.

OTOH, perhaps all the new stuff, AND revisions of existing products, will be announced on the 2-hour keynote on June 2nd. And more steady software and hardware updating will resume.

Log-in to comment