Apparently, for three years multiple government agencies from around the world could have been hopping on your computer and seeing what you were up to. Yup, it appears that a British company called Gamma International had been marketing software called, FinFisher, which has been used to hack into machines running Apple’s iTunes.
Gamma International say they offer “zero day” security flaws, which have not been publicly disclosed, so attempts to exploit them are unlikely to be detected by anti-virus programs. They created the FinFisher software to exploit a vulnerability via a bogus update to iTunes, which is installed on more than 250 million machines worldwide. They then marketed this software to government and police agencies all around the world, including Egypt’s feared secret police, to spy on specific targets within the general public.
The crazy thing is that Apple was informed of the flaw in their iTunes software three years ago, in mid-2008. Seeing that Apple usually fixes security flaws within about 90 days, it raises questions as to whether Apple was willingly allowing this government hacking to take place or not. Seems that the hacking has been stopped for now though. Recently, Apple issued iTunes update 10.5.1. This update explained that, “a man-in-the-middle attacker may offer software that appears to originate from Apple”, adding that the “issue has been mitigated.” We’ll see.
I’m just glad that I have recently started using Spotify more!