This script is Copyright (C) 2016 Tenable Network Security, Inc.
An application running on the remote host is affected by multiple
The version of Apple iTunes running on the remote Windows host is
prior to 12.5.2 It is, therefore, affected by multiple
- An information disclosure vulnerability exists in WebKit
when handling the location attribute due to improper
validation of user-supplied input. An unauthenticated,
remote attacker can exploit this, via specially crafted
web content, to disclose sensitive information on the
user's system. (CVE-2016-4613)
- Multiple memory corruption issues exist in WebKit due to
improper validation of user-supplied input. An
unauthenticated, remote attacker can exploit these, via
specially crafted web content, to execute arbitrary
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
See also :
Upgrade to Apple iTunes version 12.5.2 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false