Apple released updates to Mavericks and iOS that addressed a security flaw in SSL, but iTunes for Windows is still vulnerable, according to a report from iPhone in Canada. The flaw leaves Windows iTunes users vulnerable to a man-in-the-middle attack that could result in someone getting your iTunes login.
One bug squished, one bug survived.
Unfortunately this is just a case of history repeating itself. When this flaw was discovered the update was released immediately on Mac OS, but three weeks later on iOS, drawing criticism from a former employee for the delay. Unfortunately, that delay for Windows users is approaching two months now, which also seems suboptimal.
To protect against the man in the middle attack that exploits this security flaw, don’t do anything in iTunes for Windows that involves your password (buying music/apps, activating a device), and don’t connect that machine to public wifi networks.