icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons

iTunes for Windows < 11.1.4 Multiple Vulnerabilities

High

Synopsis

The remote host is running a multimedia application that is out of date and thus may contain vulnerabilities.

Description

Versions of iTunes earlier than 11.1.4 are reportedly affected by the following vulnerabilities:

- An uninitialized memory access issue in the handling of text tracks could be leveraged for arbitrary code execution via a malicious movie file.

- Multiple memory corruption issues exist in WebKit, which can be leveraged for arbitrary code execution via a man-in-the-middle attack.

- Multiple memory corruption issues exist in the libxml library, which could be leveraged to execute arbitrary code via a man-in-the-middle attack; this library has since been updated.

- Multiple memory corruption issues exist in the libxslt library, which could be leveraged to execute arbitrary code via a man-in-the-middle attack; this library has since been updated.

Solution

Upgrade to iTunes 11.1.4 or later.