iTunes < 9.1 Multiple Vulnerabilities (Mac OS X)

Medium Nessus Plugin ID 45389


The remote Mac OS X host contains an application affected by multiple vulnerabilities.


The remote version of iTunes is older than 9.1. Such versions are potentially affected by multiple vulnerabilities :

- An infinite loop in the application's handling of imported MP4 podcast files may lead to an application crash and prevent subsequent operation. (CVE-2010-0531)

- Syncing a mobile device may allow a local user to gain the privileges of the console user due to an insecure file operation in the handling of log files.


Upgrade to iTunes 9.1 or later.

See Also

Plugin Details

Severity: Medium

ID: 45389

File Name: macosx_itunes_9_1.nasl

Version: $Revision: 1.13 $

Type: local

Agent: macosx

Published: 2010/03/31

Modified: 2017/05/10

Dependencies: 25997

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


Base Score: 4.3

Temporal Score: 3.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:itunes

Required KB Items: Host/MacOSX/Version, installed_sw/iTunes

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2010/03/30

Vulnerability Publication Date: 2010/03/30

Reference Information

CVE: CVE-2010-0531, CVE-2010-1768

BID: 39113, 42538

OSVDB: 63449, 67332