There are three Macs, five iPhones, and five iPads in active use in my family. Additional Macs, iOS, and iPod devices sit idle or have been given away. I am intimately familiar with the ecosystem.
Anyone able to use this detail in an actual "attack" assuredly has many other avenues to carry out such an attack, and will continue to have such avenues unless and until Windows and Mac OS are at least as locked down as iOS.
And all you did was echo the lower portions of my own comment where I admitted that "fake alert" style applications could also take these details. And I'm sure other styles of attack as well.
The author of the article was trying to make a simple point though: If Apple allows an iTunes plugin such low level access that it can proxy a store transaction - ideally the thing they should be the most paranoid about - then they should probably revisit their plugin architecture (possibly taking a page from web browsing plugin sandboxing).
Claiming there will always be problems until the OS is as locked down as iOS is overkill.
You've already social-engineered your way to getting somebody to download and run an application, ignoring warnings along the way. Prompts for credentials when installing applications are perfectly normal.
> Configure proxy settings: prompt for admin credentials
??? Not on my machine. There isn't even a padlock icon in the relevant window.
Let's assume you're right and Apple should revisit it (I don't think they should; I prefer plugins that can, in fact, do anything they wish). How does that lead to the OP's hysterical conclusion?
Browser plugin sandboxing is a very new phenomenon. Apple doesn't give a shit about security because... they said they'll investigate doing something that has only recently been done for the first time at all? What?
Anyone able to use this detail in an actual "attack" assuredly has many other avenues to carry out such an attack, and will continue to have such avenues unless and until Windows and Mac OS are at least as locked down as iOS.