Apple iTunes < 11.0.3 Multiple Vulnerabilities (credentialed check)
High Nessus Plugin ID 66498
Synopsis
The remote host contains an application that has multiple vulnerabilities.
Description
The version of Apple iTunes installed on the remote Windows host is older than 11.0.3. It therefore is potentially affected by several issues :
- An error exists related to certificate validation that could allow disclosure of sensitive information and could allow the application to trust data from untrusted sources. (CVE-2013-1014)
- The included version of WebKit contains several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes one possible attack vector is a man-in-the-middle attack while the application browses the 'iTunes Store'.
(CVE-2012-2824, CVE-2012-2857, CVE-2012-3748, CVE-2012-5112, CVE-2013-0879, CVE-2013-0912, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2013-0958, CVE-2013-0959, CVE-2013-0960, CVE-2013-0961, CVE-2013-0991, CVE-2013-0992, CVE-2013-0993, CVE-2013-0994, CVE-2013-0995, CVE-2013-0996, CVE-2013-0997, CVE-2013-0998, CVE-2013-0999, CVE-2013-1000, CVE-2013-1001, CVE-2013-1002, CVE-2013-1003, CVE-2013-1004, CVE-2013-1005, CVE-2013-1006, CVE-2013-1007, CVE-2013-1008, CVE-2013-1010, CVE-2013-1011)
Solution
Upgrade to Apple iTunes 11.0.3 or later.