Summary
This host has Apple iTunes installed and is prone to a security bypass vulnerability.
Impact
Successful exploitation may allow an attacker to perform man-in-the-middle attacks and obtain sensitive information.
Impact Level: Application.
Solution
Upgrade to version 11.1.4 or later.
For updates, refer to http://www.apple.com/itunes/download
Insight
The flaw exists because the iTunes Tutorials window uses a non-secure HTTP connection to retrieve content.
Affected
Apple iTunes before 11.1.4 on Mac OS X
Detection
Get the installed version of Apple iTunes and check whether that version is vulnerable.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-1242
- CVSS Base Score: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Related Vulnerabilities
- Apple Safari Address Bar Spoofing Vulnerability june-10 (Win)
- Apache Tomcat AJP Request Remote Denial Of Service Vulnerability
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Windows)
- Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Win)
- Apache Tomcat XML External Entity Information Disclosure Vulnerability