Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

iTunes < 12.0.1 Multiple Vulnerabilities

Critical

Synopsis

The remote host is running a multimedia application that is unpatched for a number of vulnerabilities.

Description

Versions of iTunes earlier than 12.0.1 are missing updates that patch memory corruption vulnerabilities within WebKit, as well as a patch that fixes a man-in-the-middle vulnerability that affects encrypted connections to the iTunes Store via iTunes. The most severe of these vulnerabilites can result in arbitrary remote code execution or unexpected application termination.

Solution

Upgrade to iTunes 12.0.1 or later.