76970

https://android-review.googlesource.com/#/c/145961/

[android-security-updates] 20151005 Nexus Security Bulletin (October 2015)

The version of Apple iTunes installed on the remote macOS or Mac OS X host is prior to 12.6. It is, therefore, affected by multiple vulnerabilities :

  - Multiple vulnerabilities exist in the expat component,     the most severe of which are remote code execution     vulnerabilities. An unauthenticated, remote attacker can     exploit these vulnerabilities to cause a denial of     service condition or the execution of arbitrary code in     the context of the current user. (CVE-2009-3270,     CVE-2009-3560, CVE-2009-3720, CVE-2012-1147,     CVE-2012-1148, CVE-2012-6702, CVE-2015-1283,     CVE-2016-0718, CVE-2016-4472, CVE-2016-5300)

  - Multiple vulnerabilities exist in the SQLite component,     the most severe of which are remote code execution     vulnerabilities. An unauthenticated, remote attacker can     exploit these vulnerabilities by convincing a user to     open a specially crafted file, to cause a denial of     service condition or the execution of arbitrary code in     the context of the current user. (CVE-2013-7443,     CVE-2015-3414, CVE-2015-3415, CVE-2015-3416,     CVE-2015-3717, CVE-2015-6607, CVE-2016-6153)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Apple iTunes running on the remote host is prior to 12.6. It is, therefore, affected by multiple vulnerabilities :

  - Multiple vulnerabilities exist in the expat component,     the most severe of which are remote code execution     vulnerabilities. An unauthenticated, remote attacker can     exploit these vulnerabilities to cause a denial of     service condition or the execution of arbitrary code in     the context of the current user. (CVE-2009-3270,     CVE-2009-3560, CVE-2009-3720, CVE-2012-1147,     CVE-2012-1148, CVE-2012-6702, CVE-2015-1283,     CVE-2016-0718, CVE-2016-4472, CVE-2016-5300)

  - Multiple vulnerabilities exist in the SQLite component,     the most severe of which are remote code execution     vulnerabilities. An unauthenticated, remote attacker can     exploit these vulnerabilities by convincing a user to     open a specially crafted file, to cause a denial of     service condition or the execution of arbitrary code in     the context of the current user. (CVE-2013-7443,     CVE-2015-3414, CVE-2015-3415, CVE-2015-3416,     CVE-2015-3717, CVE-2015-6607, CVE-2016-6153)

  - An information disclosure vulnerability exists in the     APNs server component due to client certificates being     transmitted in cleartext. A man-in-the-middle attacker     can exploit this to disclose sensitive information.
    (CVE-2017-2383)

  - A use-after-free error exists in the WebKit component     due to improper handling of RenderBox objects. An     unauthenticated, remote attacker can exploit this to     execute arbitrary code. (CVE-2017-2463)

  - Multiple universal cross-site scripting (XSS)     vulnerabilities exist in the WebKit component due to     improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit these     vulnerabilities, by convincing a user to visit a     specially crafted web page, to execute arbitrary script     code in a user's browser session. (CVE-2017-2479,     CVE-2017-2480, CVE-2017-2493)

  - An integer overflow condition exists in the libxslt     component in the xsltAddTextString() function in     transform.c due to improper validation of user-supplied     input. An unauthenticated, remote attacker can exploit     this to cause an out-of-bounds write, resulting in the     execution of arbitrary code. (CVE-2017-5029)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Apple iTunes installed on the remote Windows host is prior to 12.6. It is, therefore, affected by multiple vulnerabilities :

  - Multiple vulnerabilities exist in the expat component,     the most severe of which are remote code execution     vulnerabilities. An unauthenticated, remote attacker can     exploit these vulnerabilities to cause a denial of     service condition or the execution of arbitrary code in     the context of the current user. (CVE-2009-3270,     CVE-2009-3560, CVE-2009-3720, CVE-2012-1147,     CVE-2012-1148, CVE-2012-6702, CVE-2015-1283,     CVE-2016-0718, CVE-2016-4472, CVE-2016-5300)

  - Multiple vulnerabilities exist in the SQLite component,     the most severe of which are remote code execution     vulnerabilities. An unauthenticated, remote attacker can     exploit these vulnerabilities by convincing a user to     open a specially crafted file, to cause a denial of     service condition or the execution of arbitrary code in     the context of the current user. (CVE-2013-7443,     CVE-2015-3414, CVE-2015-3415, CVE-2015-3416,     CVE-2015-3717, CVE-2015-6607, CVE-2016-6153)

  - An information disclosure vulnerability exists in the     APNs server component due to client certificates being     transmitted in cleartext. A man-in-the-middle attacker     can exploit this to disclose sensitive information.
    (CVE-2017-2383)

  - A use-after-free error exists in the WebKit component     due to improper handling of RenderBox objects. An     unauthenticated, remote attacker can exploit this to     execute arbitrary code. (CVE-2017-2463)

  - Multiple universal cross-site scripting (XSS)     vulnerabilities exist in the WebKit component due to     improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit these     vulnerabilities, by convincing a user to visit a     specially crafted web page, to execute arbitrary script     code in a user's browser session. (CVE-2017-2479,     CVE-2017-2480, CVE-2017-2493)

  - An integer overflow condition exists in the libxslt     component in the xsltAddTextString() function in     transform.c due to improper validation of user-supplied     input. An unauthenticated, remote attacker can exploit     this to cause an out-of-bounds write, resulting in the     execution of arbitrary code. (CVE-2017-5029)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
100027	Apple iTunes < 12.6 Multiple Vulnerabilities (macOS) (credentialed check)	Nessus	MacOS X Local Security Checks	high
100026	Apple iTunes < 12.6 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	high
100025	Apple iTunes < 12.6 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	high

CVE-2015-6607

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins