While configuring iMessages on OS X Mountain Lion, Martin Levy at ShootitLive, found that they were able to take full control of someone else’s Apple ID over the same Wi-Fi network, which could mean that they can have full access to the other person’s iTunes and App Store accounts; they could change the verified email address and even change the security settings around.
Martin has described the process of how to take control of someone else’s Apple ID and from the looks of it the attack seems to be similar to that of a ‘Session Fixation Attack’. Once the user logs in there is some kind of ID string in the URL, we assume it to be a session ID, which Apple is probably not cross-checking with the cookie that is set on the user’s system.
The company has put up a slideshow trying to show their attack. You may head onto their site to check it out for yourself.