Fresh reports say that a German company created software that could monitor from the remote while exploiting a security flaw within iTunes for contaminating target PCs. Actually, an advertising movie file exhibited Gamma International (GmbH) the German company's spyware software -"FinFisher" that particularly utilized one flaw within the update system of iTunes for getting itself loaded onto the target PC. H-online.com published this on November 21, 2011.
Basically, it's possible to exploit the flaw, as given the presumption that the Software Updater from Apple is dormant, iTunes utilizes one unencrypted HTTP query for getting access to the URL to obtain the application's most recent edition via an Apple server. And since there's no encryption of the query, the said URL could be customized. Thus, when an end-user acts in response to a message about a revised iTunes application, he could land on a specially-designed web-page crafted for loading the spying software on his PC.
Further, upon getting the spyware software loaded, the program could say intercept Skype communications prior to any Skype software encrypting it.
...
