Apple Waited 3 Years to Patch iTunes Vulnerability that Allowed Governments to Spy

Security and privacy issues are always the rage and usually cause some rage when they surface. This latest one mentioned by Krebs On Security is certainly a head scratcher, even though the stories about it have been around for awhile. What makes it news is just that: the stories and info have been around for awhile and Apple only patched the vulnerability last month. First reported to Apple in 2008, the exploit was a Trojan, called FinFisher, that disguised itself as an iTunes update. After it was installed the Trojan allowed governments to do some spying on infected computers and mobile devices.

FinFisher is marketed to governments to allow for surreptitious monitoring of computers and mobile devices. In the post Krebs mentions that in during the turbulence in Egypt earlier this year, protesters discovered documents that the Egyptian government had licensed FinFisher.

In addition to describing the 3-year history of FinFisher and Apple the Krebs On Security post also links to a Der Spiegel article on how FinFisher was marketed that’s worth a read.