APPLE-SA-2013-01-28-1

APPLE-SA-2013-03-14-2

http://support.apple.com/kb/HT5642

Versions of iTunes earlier than 11.0.3 are reportedly affected by several vulnerabilities:

  - An error exists related to certificate validation that could allow disclosure of sensitive information and could allow the application to trust data from untrusted sources. (CVE-2013-1014)

  - The included version of WebKit contains several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes one possible attack vector is a man-in-the-middle attack while the application browses the 'iTunes Store'. (CVE-2012-2824, CVE-2012-2857, CVE-2012-3748, CVE-2012-5112, CVE-2013-0879, CVE-2013-0912, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2013-0958, CVE-2013-0959, CVE-2013-0960, CVE-2013-0961, CVE-2013-0991, CVE-2013-0992, CVE-2013-0993, CVE-2013-0994, CVE-2013-0995, CVE-2013-0996, CVE-2013-0997, CVE-2013-0998, CVE-2013-0999, CVE-2013-1000, CVE-2013-1001, CVE-2013-1002, CVE-2013-1003, CVE-2013-1004, CVE-2013-1005, CVE-2013-1006, CVE-2013-1007, CVE-2013-1008, CVE-2013-1010, CVE-2013-1011) 

The version of Apple iTunes on the remote host is prior to version 11.0.3. It is, therefore, affected by multiple vulnerabilities :

  - An error exists related to certificate validation. A     man-in-the-middle attacker can exploit this to spoof     HTTPS servers, which allows the disclosure of sensitive     information or the application to trust data from     untrusted sources. Note that this issue affects the     application regardless of the operating system.
    (CVE-2013-1014)

  - The version of WebKit included in iTunes contains     several errors that can lead to memory corruption and     arbitrary code execution. The vendor states that one     possible vector is a man-in-the-middle attack while the     application browses the 'iTunes Store'. Please note that     these vulnerabilities only affect the application when     it is running on a Windows host.
    (CVE-2012-2824, CVE-2012-2857, CVE-2012-3748,     CVE-2012-5112, CVE-2013-0879, CVE-2013-0912,     CVE-2013-0948, CVE-2013-0949, CVE-2013-0950,     CVE-2013-0951, CVE-2013-0952, CVE-2013-0953,     CVE-2013-0954, CVE-2013-0955, CVE-2013-0956,     CVE-2013-0958, CVE-2013-0959, CVE-2013-0960,     CVE-2013-0961, CVE-2013-0991, CVE-2013-0992,     CVE-2013-0993, CVE-2013-0994, CVE-2013-0995,     CVE-2013-0996, CVE-2013-0997, CVE-2013-0998,     CVE-2013-0999, CVE-2013-1000, CVE-2013-1001,     CVE-2013-1002, CVE-2013-1003, CVE-2013-1004,     CVE-2013-1005, CVE-2013-1006, CVE-2013-1007,     CVE-2013-1008, CVE-2013-1010, CVE-2013-1011)

The version of Apple iTunes installed on the remote Windows host is older than 11.0.3.  It therefore is potentially affected by several issues :

  - An error exists related to certificate validation     that could allow disclosure of sensitive information     and could allow the application to trust data from     untrusted sources. (CVE-2013-1014)

  - The included version of WebKit contains several errors     that could lead to memory corruption and possibly     arbitrary code execution. The vendor notes one possible     attack vector is a man-in-the-middle attack while the     application browses the 'iTunes Store'.
    (CVE-2012-2824, CVE-2012-2857, CVE-2012-3748,     CVE-2012-5112, CVE-2013-0879, CVE-2013-0912,     CVE-2013-0948, CVE-2013-0949, CVE-2013-0950,     CVE-2013-0951, CVE-2013-0952, CVE-2013-0953,     CVE-2013-0954, CVE-2013-0955, CVE-2013-0956,     CVE-2013-0958, CVE-2013-0959, CVE-2013-0960,     CVE-2013-0961, CVE-2013-0991, CVE-2013-0992,     CVE-2013-0993, CVE-2013-0994, CVE-2013-0995,     CVE-2013-0996, CVE-2013-0997, CVE-2013-0998,     CVE-2013-0999, CVE-2013-1000, CVE-2013-1001,     CVE-2013-1002, CVE-2013-1003, CVE-2013-1004,     CVE-2013-1005, CVE-2013-1006, CVE-2013-1007,     CVE-2013-1008, CVE-2013-1010, CVE-2013-1011)

The remote Mac OS X host has Safari installed. 

Versions of Safari earlier than 6.0.3 are reportedly affected by several issues :

  - Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. (CVE-2012-2824, CVE-2012-2857, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2013-0958, CVE-2013-0959, CVE-2013-0960, CVE-2013-0961)

  - A cross-site scripting issue existed in the handling of frame elements. This issue was addressed through improved origin tracking. (CVE-2012-2889)

  - A cross-site scripting issue existed in the handling of content pasted from a different origin. This issue was addressed through additional validation of pasted content. (CVE-2013-0962)

The remote host has Safari installed. Versions of Safari earlier than 6.0.3 are reportedly affected by several issues :

  - Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. (CVE-2012-2824, CVE-2012-2857, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2013-0958, CVE-2013-0959, CVE-2013-0960, CVE-2013-0961)
 - A cross-site scripting issue existed in the handling of frame elements. This issue was addressed through improved origin tracking. (CVE-2012-2889)
 - A cross-site scripting issue existed in the handling of content pasted from a different origin. This issue was addressed through additional validation of pasted content. (CVE-2013-0962)

The version of Apple Safari installed on the remote Mac OS X 10.7 or 10.8 host is earlier than 6.0.3. It is, therefore, potentially affected by several issues :

  - Multiple memory corruption vulnerabilities exist in     WebKit that could lead to unexpected program termination     or arbitrary code execution. (CVE-2012-2824 /     CVE-2012-2857 / CVE-2013-0948 / CVE-2013-0949 /     CVE-2013-0950 / CVE-2013-0951 / CVE-2013-0952 /     CVE-2013-0953 / CVE-2013-0954 / CVE-2013-0955 /     CVE-2013-0956 / CVE-2013-0958 / CVE-2013-0959 /     CVE-2013-0960 / CVE-2013-0961)

  - A cross-site scripting issue exists in WebKit's handling     of frame elements. (CVE-2012-2889)

  - A cross-site scripting issue exists in WebKit's handling     of content pasted from a different origin.
    (CVE-2013-0962)

According to its banner, the remote Apple iOS device is missing a security update.  It is, therefore, affected by the following vulnerabilities :

 - An error related to 'EUC-JP' encoding could allow cross-site scripting attacks. (CVE-2011-3058)
 - An out-of-bounds read error exists, related to 802.11i information handling, that could allow remote attackers to disable Wi-Fi. (CVE-2012-2619)
 - An error exists related to certificate-based 'Apple ID' authentication that could allow improper trust extension. (CVE-2013-0963)
 - An error exists related to the 'copyin' and 'copyout' functions that could allow a user-mode process to access the first page of kernel memory. (CVE-2013-0964)
 - An error exists related to Mobile Safari preferences that could improperly allow JavaScript to be enabled after a user has disabled it. (CVE-2013-0974)
 - Many errors exist related to the bundled 'WebKit' components. (CVE-2012-2824, CVE-2012-2857, CVE-2012-2889, CVE-2012-3606, CVE-2012-3607, CVE-2012-3621, CVE-2012-3632, CVE-2012-3687, CVE-2012-3701, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2013-0958, CVE-2013-0959, CVE-2013-0962, CVE-2013-0968)
 - Two intermediate certificates, improperly issued by TURKTRUST certificate authority, are incorrectly trusted.

The mobile device is running a version of iOS that is older than version 6.1.  This version contains security-related fixes for the following issues :

  - An error related to 'EUC-JP' encoding could allow cross-     site scripting attacks. (CVE-2011-3058)

  - An out-of-bounds read error exists related to 802.11i     information handling that could allow remote attackers     to disable WiFi. (CVE-2012-2619)

  - An error exists related to certificate-based     'Apple ID' authentication that could allow improper     trust extension. (CVE-2013-0963)

  - An error exists related to the 'copyin' and 'copyout'     functions that could allow a user-mode process to access     the first page of kernel memory. (CVE-2013-0964)

  - An error exists related to Mobile Safari     preferences that could improperly allow JavaScript     to be enabled after a user has disabled it.
    (CVE-2013-0974)

  - Many errors exist related to the bundled 'WebKit'     components. (CVE-2012-2824, CVE-2012-2857,     CVE-2012-2889, CVE-2012-3606, CVE-2012-3607,     CVE-2012-3621, CVE-2012-3632, CVE-2012-3687,     CVE-2012-3701, CVE-2013-0948, CVE-2013-0949,     CVE-2013-0950, CVE-2013-0951, CVE-2013-0952,     CVE-2013-0953, CVE-2013-0954, CVE-2013-0955,     CVE-2013-0956, CVE-2013-0958, CVE-2013-0959,     CVE-2013-0962, CVE-2013-0968)

  - Two intermediate certificates, improperly issued by     TURKTRUST certificate authority, are incorrectly     trusted.

ID	Name	Product	Family	Severity
6831	iTunes < 11.0.3 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
66499	Apple iTunes < 11.0.3 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	critical
66498	Apple iTunes < 11.0.3 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	critical
800999	Mac OS X : Safari < 6.0.3 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
6712	Safari < 6.0.3 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
65579	Mac OS X : Apple Safari < 6.0.3 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
6679	Apple iOS < 6.1 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
64287	Apple iOS < 6.1 Multiple Vulnerabilities	Nessus	Mobile Devices	high

CVE-2013-0955

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

high

critical

critical

high

high

high

high

high