Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

iTunes for Windows < 11.2 Multiple Vulnerabilities

High

Synopsis

The remote host is running a version of iTunes that is vulnerable to multiple vulnerabilities.

Description

Versions of iTunes earlier than 11.2 are affected by multiple vulnerabilities :

- A flaw exists in the way Set-Cookie HTTP headers are processed when the connection is closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. (CVE-2014-1296) - A memory corruption issue exists in iTunes MP4 parsing. A maliciously crafted audio or movie file could be used to trigger an unexpected application termination or arbitrary code execution. (CVE-2014-8842)

Solution

Upgrade to Apple iTunes 11.2 or later.