Apple iTunes < 11.1.2 Multiple Vulnerabilities (credentialed check)
Medium Nessus Plugin ID 70588
SynopsisThe remote host contains an application that has multiple vulnerabilities.
DescriptionThe version of Apple iTunes installed on the remote Windows host is older than 11.1.2. It is, therefore, potentially affected by several issues :
- An uninitialized memory access issue exists in the handling of text tracks, which could lead to memory corruption and possibly arbitrary code execution.
- The included versions of WebKit, libxml, and libxslt contain several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes that one possible attack vector is a man-in-the-middle attack while the application browses the 'iTunes Store'.
(CVE-2011-3102, CVE-2012-0841, CVE-2012-2807, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-5134, CVE-2013-1037, CVE-2013-1038, CVE-2013-1039, CVE-2013-1040, CVE-2013-1041, CVE-2013-1042, CVE-2013-1043, CVE-2013-1044, CVE-2013-1045, CVE-2013-1046, CVE-2013-1047, CVE-2013-2842, CVE-2013-5125, CVE-2013-5126, CVE-2013-5127, CVE-2013-5128)
SolutionUpgrade to Apple iTunes 11.1.2 or later.