Apple iTunes < 8.1 Multiple Vulnerabilities (credentialed check)
Medium Nessus Plugin ID 35913
Synopsis
The remote Windows host contains an application that is affected by multiple vulnerabilities.
Description
The version of Apple iTunes installed on the remote Windows host is older than 8.1. Such versions may be affected by multiple vulnerabilities:
- It may be possible to cause a denial of service by sending a maliciously crafted DAAP header to the application. (CVE-2009-0016)
- When subscribing to a podcast, an authentication dialog may be presented without clarifying the origin of the authentication request. An attacker could exploit this flaw in order to steal the user's iTunes credentials.
Solution
Upgrade to Apple iTunes 8.1 or later.