icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

iTunes < 10.5.1 Update Authenticity Verification Weakness

High

Synopsis

The remote host contains an application that is vulnerable to multiple attack vectors.

Description

The remote host has iTunes installed, a popular media player for Windows and Mac OS.

Versions of iTunes earlier than 10.5.1 use an unsecured HTTP connection when checking for or retrieving software updates, which could allow a man-in-the-middle attacker to provide a Trojan horse update that appears to originate from Apple.

Solution

Upgrade to iTunes 10.5.1 or later.