Apple iTunes < 11.0.3 Multiple Vulnerabilities (uncredentialed check)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.

Synopsis :

The remote host contains a multimedia application that has multiple

Description :

The version of Apple iTunes on the remote host is prior to version
11.0.3. It is, therefore, affected by multiple vulnerabilities :

- An error exists related to certificate validation. A
man-in-the-middle attacker can exploit this to spoof
HTTPS servers, which allows the disclosure of sensitive
information or the application to trust data from
untrusted sources. Note that this issue affects the
application regardless of the operating system.

- The version of WebKit included in iTunes contains
several errors that can lead to memory corruption and
arbitrary code execution. The vendor states that one
possible vector is a man-in-the-middle attack while the
application browses the 'iTunes Store'. Please note that
these vulnerabilities only affect the application when
it is running on a Windows host.
(CVE-2012-2824, CVE-2012-2857, CVE-2012-3748,
CVE-2012-5112, CVE-2013-0879, CVE-2013-0912,
CVE-2013-0948, CVE-2013-0949, CVE-2013-0950,
CVE-2013-0951, CVE-2013-0952, CVE-2013-0953,
CVE-2013-0954, CVE-2013-0955, CVE-2013-0956,
CVE-2013-0958, CVE-2013-0959, CVE-2013-0960,
CVE-2013-0961, CVE-2013-0991, CVE-2013-0992,
CVE-2013-0993, CVE-2013-0994, CVE-2013-0995,
CVE-2013-0996, CVE-2013-0997, CVE-2013-0998,
CVE-2013-0999, CVE-2013-1000, CVE-2013-1001,
CVE-2013-1002, CVE-2013-1003, CVE-2013-1004,
CVE-2013-1005, CVE-2013-1006, CVE-2013-1007,
CVE-2013-1008, CVE-2013-1010, CVE-2013-1011)

See also :

Solution :

Upgrade to Apple iTunes 11.0.3 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.8
Public Exploit Available : true