"FinFisher" Spyware Exploits iTunes Vulnerability

Discussion in 'macOS' started by Pukey, Dec 15, 2011.

  1. Pukey, Dec 15, 2011
    Last edited: Dec 16, 2011

    Pukey macrumors 6502


    Jan 7, 2008
    Just wondering if everyone knows about the spyware called "FinFisher" developed by Gamma International in the UK that uses an iTunes vulnerability to infect your computer? This type of spyware is intended for government and authorities to spy on "criminals" and "terrorists" apparently and can log keystrokes, enable the microphone, the camera, etc. My concern is anyone could end up downloading it if it got out in the wild. I just heard about FinFisher today on Fresh Air and was very surprised that Apple took 3+ years to do anything about the iTunes security flaw that FinFisher was able to exploit. Not to mention the audacious breach of privacy this is. Apple was originally notified about the issue in July 2008 and not until October 2011 did they do anything about it. The iTunes 10.5.1 update is supposed to finally fix this flaw. Makes me wonder if it was an honest mistake on Apple's part or if they are like Google and Facebook in that they will bow to the government for anything, unlike Twitter, who will stand up for its customers.
    One other thing...I've seen some disparaging stuff in MacRumors threads about WikiLeaks, but just for the record, it was WikiLeaks who helped get this information about FinFisher out.

    Some Links:
    Fresh Air Interview
    Krebs On Security
    Cult Of Mac Article
  2. DVD9 macrumors 6502a

    Feb 18, 2010
    Just came across this "Finfisher" Trojan

    Where is that guy who pops up everywhere on this site claiming that OS X is immune from trojans?

    Yes, obviously Apple cooperated and you can bet they patched this vulnerability after another was created so the problem continues.

    Really pissed off about this. Over two thousand dollars for a laptop and Apple is helping to create a hole for a trojan to take over my system.
  3. GGJstudios macrumors Westmere


    May 16, 2008
    Great resurrection of a year-old thread, but no one who is informed claims that OS X is immune from any malware. Read the following to get the facts.

  4. munkery macrumors 68020


    Dec 18, 2006
    Apple performs better than Microsoft in terms of security so, if Apple's performance is not good enough, you don't have many options other than to completely stop using computers.

  5. munkery, Jan 20, 2013
    Last edited: Jan 20, 2013

    munkery macrumors 68020


    Dec 18, 2006
    BTW, you do realize that the FinFisher exploit only targets Windows machines that don't have Apple Software Update installed.

    From the security release for FinFisher patch linked to below:

    "Description: iTunes periodically checks for software updates using an HTTP request to Apple. This request may cause iTunes to indicate that an update is available. If Apple Software Update for Windows is not installed, clicking the Download iTunes button may open the URL from the HTTP response in the user's default browser. This issue has been mitigated by using a secured connection when checking for available updates. For OS X systems, the user's default browser is not used because Apple Software Update is included with OS X, however this change adds additional defense-in-depth."
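
The advisory quoted above describes an update check made over plain HTTP whose response supplies a URL that is then opened for the user. As an added example (not code from this thread, from Apple or from iTunes), here is one way an update client can refuse such an offer before opening anything; the function name, the hostnames and the allowlist are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist; a real client would pin its own vendor's download hosts.
ALLOWED_DOWNLOAD_HOSTS = {"downloads.example.com"}


def validate_update_offer(check_url, download_url, allowed_hosts=ALLOWED_DOWNLOAD_HOSTS):
    """Return (ok, reason) for an update offer before any URL is opened."""
    # A response fetched without TLS can be rewritten in transit, so nothing
    # it contains (including the download URL) can be trusted.
    if urlsplit(check_url).scheme != "https":
        return False, "update check was not made over TLS, response is untrusted"

    try:
        target = urlsplit(download_url)
        port = target.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "download URL is malformed"

    if target.scheme != "https":
        return False, "download URL is not https"
    # "https://trusted-host@other-host/..." really points at other-host.
    if target.username is not None or target.password is not None:
        return False, "download URL carries userinfo"
    if port not in (None, 443):
        return False, "download URL uses a non-default port"
    host = (target.hostname or "").rstrip(".")
    if host not in allowed_hosts:
        return False, "download host is not on the allowlist"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample offers: (URL the check was sent to, URL in the response).
    offers = [
        ("http://updates.example.com/check", "https://downloads.example.com/setup.exe"),
        ("https://updates.example.com/check", "https://mirror.example.net/setup.exe"),
        ("https://updates.example.com/check", "https://downloads.example.com/setup.exe"),
    ]
    for check_url, download_url in offers:
        print(download_url, "->", validate_update_offer(check_url, download_url))
```

Defense-in-depth here means the download URL is still validated even when the check itself ran over TLS.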

