There was a relevant update to iTunes last night (or earlier this week) for both OS X and Windows. It is usually these types of updates i keep an eye out for, as it is most importantly an update to certificate validation.
CVE-2013-1014 as it impacts iTunes for Mac OS X v10.6.8 or later, Windows 7, Vista, XP SP2 or later (http://support.apple.com/kb/HT5766) -
"Impact: An attacker in a privileged network position may manipulate HTTPS server certificates, leading to the disclosure of sensitive information
Description: A certificate validation issue existed in iTunes. In certain contexts, an active network attacker could present untrusted certificates to iTunes and they would be accepted without warning. This issue was resolved by improved certificate validation."
There were almost forty other CVEs for iTunes on Windows. And just a last bit - the discussion and quality of submissions here at Hacker News has taken a substantial fucking nose dive in the last year. I change my name every so often, but i can tell you that i've been here long enough to say that.
CVE-2013-1014 as it impacts iTunes for Mac OS X v10.6.8 or later, Windows 7, Vista, XP SP2 or later (http://support.apple.com/kb/HT5766) -
"Impact: An attacker in a privileged network position may manipulate HTTPS server certificates, leading to the disclosure of sensitive information
Description: A certificate validation issue existed in iTunes. In certain contexts, an active network attacker could present untrusted certificates to iTunes and they would be accepted without warning. This issue was resolved by improved certificate validation."
There were almost forty other CVEs for iTunes on Windows. And just a last bit - the discussion and quality of submissions here at Hacker News has taken a substantial fucking nose dive in the last year. I change my name every so often, but i can tell you that i've been here long enough to say that.