Summary
Apple iTunes is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code, conduct Man-in-the-Middle (MitM) attacks, or cause a heap-based buffer overflow.
Impact Level: System/Application
Solution
Upgrade to version 11.0.3 or later.
For updates, refer to http://www.apple.com/itunes/download
Insight
Multiple flaws are due to:
- Improper validation of SSL certificates.
- Integer overflow error within the 'string.replace()' method.
- Some vulnerabilities are due to a bundled vulnerable version of WebKit.
- Array indexing error when handling JSArray objects.
- Boundary error within the 'string.concat()' method.
Affected
Apple iTunes before 11.0.3 on Mac OS X
References
Severity
Classification
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
- Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Mac OS X)
- Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Windows)
- Adobe Acrobat Multiple Vulnerabilities April-2012 (Mac OS X)
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows