Apple iTunes < 10.5.1 Update Authenticity Verification Weakness (credentialed check)
Medium Nessus Plugin ID 56872
The remote host contains an application that is susceptible to a man-in-the-middle attack.
The version of Apple iTunes installed on the remote Mac OS X host is earlier than 10.5.1. As such, it uses an unsecured HTTP connection when checking for or retrieving software updates, which could allow a man-in-the-middle attacker to provide a Trojan horse update that appears to originate from Apple.