Apple iTunes < 12.3.2 Multiple Vulnerabilities (credentialed check)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains an application that is affected by multiple
vulnerabilities.

Description :

The version of Apple iTunes installed on the remote Windows host is
prior to 12.3.2. It is, therefore, affected by multiple
vulnerabilities in the WebKit component :

- Multiple memory corruption issues exist that an
attacker can exploit to cause a denial of service or
execute arbitrary code. (CVE-2015-7048, CVE-2015-7095,
CVE-2015-7096, CVE-2015-7097, CVE-2015-7098,
CVE-2015-7099, CVE-2015-7100, CVE-2015-7101,
CVE-2015-7102, CVE-2015-7103, CVE-2015-7104)

- A flaw exists in content blocking due to improper
validation of input. A remote attacker can exploit this,
via a malicious website, to reveal the user's browsing
history. (CVE-2015-7050)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

https://support.apple.com/en-us/HT205636
http://www.nessus.org/u?3562e993

Solution :

Upgrade to Apple iTunes version 12.3.2 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:ND/RC:UR)
Public Exploit Available : false
