KLA10076
Multiple vulnerabilities in Apple iTunes
Updated: 06/17/2019
Detect date
?
05/22/2013
Severity
?
Critical
Description

Multiple critical vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or spoof HTTPS servers. Below is a complete list of vulnerabilities

  1. Vectors related to browsing the iTunes Store can be exploited remotely by man-in-the-middle attacks;
  2. Improper certificate verification can be exploited remotely by man-in-the-middle attacks.
Affected products

Apple iTunes versions 11.0.2 and earlier

Solution

Update to latest version
iTunew

Original advisories

Apple bulletin

Impacts
?
ACE 
[?]

DoS 
[?]

SUI 
[?]
CVE-IDS
?
CVE-2013-09926.8High
CVE-2013-09999.3Critical
CVE-2013-09936.8High
CVE-2013-10144.3Warning
CVE-2013-10069.3Critical
CVE-2013-09916.8High
CVE-2013-10019.3Critical
CVE-2013-09976.8High
CVE-2013-10039.3Critical
CVE-2013-10089.3Critical
CVE-2013-09966.8High
CVE-2013-09986.8High
CVE-2013-09956.8High
CVE-2013-10029.3Critical
CVE-2013-09946.8High
CVE-2013-10059.3Critical
CVE-2013-10049.3Critical
CVE-2013-10109.3Critical
CVE-2013-10116.8High
CVE-2013-10079.3Critical
CVE-2013-10009.3Critical