11/26/2011

Apple iTunes flaw 'allowed government spying for 3+ years'



Apple’s iTunes software allowed police and intelligence agencies to spy on users’ computers for more than three years.

The hacking software, named FinFisher, was marketed to government agencies by a British company, Gamma International. The software used a fake update to iTunes, Apple's media player, to exploit the flaw.


“A prominent security researcher warned Apple about this dangerous vulnerability in mid-2008, yet the company waited more than 1,200 days to fix the flaw,” he said in his blog post, pointing to a delay of 3+ years despite the company knowing about the Trojan hole.

Apple takes 91 days on average to fix security flaws after they are disclosed, Mr. Krebs wrote.
Francisco Amato, the Argentinian security researcher who warned Apple about the flaw, suggested that "maybe they forgot about it, or it was just on the bottom of their to-do list".

In response to reports that FinFisher targeted iTunes, Apple has said that it works "to find and fix any issues that could compromise systems".
"The security and privacy of our users is extremely important," an Apple spokeswoman said, responding to the concerns raised about the flaw.

Furthermore, this month's iTunes 10.5.1 update warned that "a man-in-the-middle attacker may offer software that appears to originate from Apple", adding that the issue has been resolved.
