Apple iTunes < 12.3.2 Multiple Vulnerabilities (credentialed check)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.

Synopsis :

The remote host contains an application that is affected by multiple

Description :

The version of Apple iTunes installed on the remote Windows host is
prior to 12.3.2. It is, therefore, affected by multiple
vulnerabilities in the WebKit component :

- Multiple memory corruption issues exists that an
attacker can exploit to cause a denial of service or
execute arbitrary code. (CVE-2015-7048, CVE-2015-7095,
CVE-2015-7096, CVE-2015-7097, CVE-2015-7098,
CVE-2015-7099, CVE-2015-7100, CVE-2015-7101,
CVE-2015-7102, CVE-2015-7103, CVE-2015-7104)

- A flaw exists in content blocking due to improper
validation of input. A remote attacker can exploit this,
via a malicious website, to reveal the user's browsing
history. (CVE-2015-7050)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

Solution :

Upgrade to Apple iTunes version 12.3.2 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.5
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now