CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.547 Medium
Percentile: 97.7%
Versions of iTunes earlier than 11.0.3 are reportedly affected by several vulnerabilities:
An error exists related to certificate validation that could allow disclosure of sensitive information and could allow the application to trust data from untrusted sources. (CVE-2013-1014)
The included version of WebKit contains several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes one possible attack vector is a man-in-the-middle attack while the application browses the ‘iTunes Store’. (CVE-2012-2824, CVE-2012-2857, CVE-2012-3748, CVE-2012-5112, CVE-2013-0879, CVE-2013-0912, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2013-0958, CVE-2013-0959, CVE-2013-0960, CVE-2013-0961, CVE-2013-0991, CVE-2013-0992, CVE-2013-0993, CVE-2013-0994, CVE-2013-0995, CVE-2013-0996, CVE-2013-0997, CVE-2013-0998, CVE-2013-0999, CVE-2013-1000, CVE-2013-1001, CVE-2013-1002, CVE-2013-1003, CVE-2013-1004, CVE-2013-1005, CVE-2013-1006, CVE-2013-1007, CVE-2013-1008, CVE-2013-1010, CVE-2013-1011)
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2824
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2857
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3748
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5112
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0879
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0912
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0948
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0949
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0950
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0951
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0952
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0953
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0954
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0955
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0956
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0958
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0959
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0960
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0961
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0991
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0992
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0993
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0994
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0995
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0996
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0997
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0998
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0999
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1000
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1001
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1002
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1003
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1004
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1005
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1006
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1007
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1008
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1010
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1011
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1014
lists.apple.com/archives/security-announce/2013/May/msg00000.html
support.apple.com/kb/HT5766
www.securityfocus.com/archive/1/526623/30/0/threaded