Apple iTunes Multiple Vulnerabilities
Last Update Date:
20 May 2013 10:45
Release Date:
20 May 2013
4289
Views
RISK: High Risk
TYPE: Clients - Audio & Video
Multiple vulnerabilities have been identified in Apple iTunes, which can be exploited by malicious people to conduct spoofing attacks and compromise a user's system.
- The application does not properly validate SSL server certificates, which can be exploited to conduct Man-in-the-Middle (MitM) attacks.
- Some unspecified errors exist within the WebKit component. No further information is currently available.
- Some vulnerabilities are caused due to a bundled vulnerable version of WebKit.
Impact
- Remote Code Execution
- Spoofing
System / Technologies affected
- Apple iTunes 11.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 11.0.3.
Vulnerability Identifier
- CVE-2012-2824
- CVE-2012-2857
- CVE-2012-3748
- CVE-2012-5112
- CVE-2013-0879
- CVE-2013-0912
- CVE-2013-0948
- CVE-2013-0949
- CVE-2013-0950
- CVE-2013-0951
- CVE-2013-0952
- CVE-2013-0953
- CVE-2013-0954
- CVE-2013-0955
- CVE-2013-0956
- CVE-2013-0958
- CVE-2013-0959
- CVE-2013-0960
- CVE-2013-0961
- CVE-2013-0991
- CVE-2013-0992
- CVE-2013-0993
- CVE-2013-0994
- CVE-2013-0995
- CVE-2013-0996
- CVE-2013-0997
- CVE-2013-0998
- CVE-2013-0999
- CVE-2013-1000
- CVE-2013-1001
- CVE-2013-1002
- CVE-2013-1003
- CVE-2013-1004
- CVE-2013-1005
- CVE-2013-1006
- CVE-2013-1007
- CVE-2013-1008
- CVE-2013-1010
- CVE-2013-1011
- CVE-2013-1014
Source
Related Link
Share with