Summary
Apple iTunes is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code, conduct Man-in-the-Middle (MitM) attacks, or cause a heap-based buffer overflow.
Impact Level: System/Application
Solution
Upgrade to version 11.0.3 or later.
For updates refer to http://www.apple.com/itunes/download
Insight
Multiple flaws are due to:
- Improper validation of SSL certificates.
- Integer overflow error within the 'string.replace()' method.
- Some vulnerabilities are due to a bundled vulnerable version of WebKit.
- Array indexing error when handling JSArray objects.
- Boundary error within the 'string.concat()' method.
Affected
Apple iTunes before 11.0.3 on Windows
Severity
Classification
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C