iTunes for Windows < 11.2 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 9397
Synopsis
The remote host is running a version of iTunes that is affected by multiple vulnerabilities.

Description
Versions of iTunes earlier than 11.2 are affected by multiple vulnerabilities:
- A flaw exists in the way Set-Cookie HTTP headers are processed when the connection is closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. (CVE-2014-1296)
- A memory corruption issue exists in iTunes MP4 parsing. A maliciously crafted audio or movie file could be used to trigger an unexpected application termination or arbitrary code execution. (CVE-2014-8842)
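
The Set-Cookie issue in the first item can be seen in a small header reader. This is an added example, not code from iTunes or from the plugin; the function names and sample responses are constructed, and the strict reader is one way to avoid the flaw by ignoring any header line whose terminator never arrived.

```python
# Added example: function names and sample responses are constructed for illustration.
CRLF = b"\r\n"

def parse_set_cookie(line: bytes):
    """Split one Set-Cookie header line into its name, value and security flags."""
    _, _, body = line.partition(b":")
    parts = [p.strip() for p in body.split(b";") if p.strip()]
    if not parts:
        return None
    name, _, value = parts[0].partition(b"=")
    attrs = {p.partition(b"=")[0].strip().lower() for p in parts[1:]}
    return {"name": name.decode("latin-1"), "value": value.decode("latin-1"),
            "secure": b"secure" in attrs, "httponly": b"httponly" in attrs}

def _cookies(lines):
    """Parse every Set-Cookie line in an iterable of header lines."""
    found = (parse_set_cookie(l) for l in lines if l.lower().startswith(b"set-cookie:"))
    return [c for c in found if c is not None]

def cookies_lenient(received: bytes):
    """Flawed: bytes that arrived before the close count as a finished line."""
    return _cookies(received.split(CRLF))

def cookies_strict(received: bytes):
    """Hardened: a header line is accepted only if its CRLF terminator arrived."""
    # split() leaves the unterminated tail (or b"") as the last element; drop it.
    return _cookies(received.split(CRLF)[:-1])

# Constructed responses: the second is cut off before "; Secure; HttpOnly\r\n".
FULL = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        b"Set-Cookie: session=abc123; Secure; HttpOnly\r\n\r\n")
TRUNCATED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             b"Set-Cookie: session=abc123")

if __name__ == "__main__":
    for label, data in (("full", FULL), ("truncated", TRUNCATED)):
        print(label, "lenient:", cookies_lenient(data))
        print(label, "strict: ", cookies_strict(data))
```

The lenient reader stores the truncated cookie with both flags cleared, while the strict reader stores nothing until the complete line has been received.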

Solution
Upgrade to Apple iTunes 11.2 or later.