iTunes < 12.6 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 700114

Synopsis

The remote host is running a version of iTunes that is affected by multiple attack vectors.

Description

Versions of iTunes prior to 12.6 are affected by multiple vulnerabilities:

- A use-after-free condition exists that is triggered when handling RenderBox objects. With specially crafted web content, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (CVE-2017-2463)
- A flaw exists that allows a universal cross-site scripting (UXSS) attack. This flaw exists because the 'notifyChildNodeRemoved()' function in 'WebCore/dom/ContainerNodeAlgorithms.cpp' executes script code synchronously. This may allow a context-dependent attacker to create a specially crafted web page that executes arbitrary script code in a user's browser session within the trust relationship between their browser and any server. (CVE-2017-2479)
- A flaw exists that allows a UXSS attack. This flaw exists because the program does not properly revalidate the 'SubframeLoader::requestFrame()' function in 'WebCore/loader/SubframeLoader.cpp'. This may allow a context-dependent attacker to create a specially crafted web page that executes arbitrary script code in a user's browser session within the trust relationship between their browser and any server. (CVE-2017-2480)

Solution

Upgrade to iTunes 12.6 or later.

See Also

https://support.apple.com/en-us/HT207607

Plugin Details

Severity: Medium

ID: 700114

Family: Web Clients

Published: 5/17/2017

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:itunes

Patch Publication Date: 3/28/2017

Vulnerability Publication Date: 3/28/2017

Reference Information

CVE: CVE-2017-2463, CVE-2017-2479, CVE-2017-2480

BID: 97176