Apple iTunes < 10.5.1 Update Authenticity Verification Weakness (uncredentialed check)
Medium Nessus Plugin ID 56873
The remote host contains an application that is susceptible to a man-in-the-middle attack.
The version of Apple iTunes on the remote host is prior to version 10.5.1. It is, therefore, affected by a man-in-the-middle vulnerability due to using unsecured HTTP connections when checking for or retrieving software updates. A remote attacker can exploit this to execute arbitrary code by means of a trojan horse update that appears to originate from Apple.