iTunes < 10.5.1 Update Authenticity Verification Weakness (Mac OS X)
Medium Nessus Plugin ID 56871
The remote host contains an application that is susceptible to a man-in-the-middle attack.
The version of iTunes installed on the remote Mac OS X host is earlier than 10.5.1. As such, it uses an unsecured HTTP connection when checking for or retrieving software updates, which could allow a man-in-the-middle attacker to provide a Trojan horse update that appears to originate from Apple.