iTunes (for OS X) < 11.1.4 Tutorials Content Injection

Medium

Synopsis

The remote host is running a multimedia application that contains a content injection vulnerability.

Description

Versions of iTunes earlier than 11.1.4 are affected by an error related to the iTunes Tutorial window that could allow an attacker in a privileged network location to inject content.

Solution

Upgrade to iTunes 11.1.4 or later.