Client-side software update verification failures
Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS). Contributions welcome. All text taken from the vulnerability descriptions themselves, with additional emphasis mine.
And to be clear, I'm a fan of both verification and transport encryption. I feel that each can help mitigate potential issues with the other. Both are necessary, but neither is sufficient.