ID CVE-2013-0994 Type cve Reporter cve@mitre.org Modified 2018-10-30T16:25:00
Description
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
{"openvas": [{"lastseen": "2017-12-20T13:22:39", "bulletinFamily": "scanner", "description": "This host is installed with Apple iTunes and is prone to\n multiple vulnerabilities.", "modified": "2017-12-19T00:00:00", "published": "2013-06-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=803806", "id": "OPENVAS:803806", "title": "Apple iTunes Multiple Vulnerabilities - June13 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_itunes_mult_vuln_jun13_win.nasl 8169 2017-12-19 08:42:31Z cfischer $\n#\n# Apple iTunes Multiple Vulnerabilities - June13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\ntag_impact = \"Successful exploitation will allow attackers to execute arbitrary code,\n conduct Man-in-the-Middle (MitM) attack or cause heap-based buffer overflow.\n Impact Level: System/Application\";\n\ntag_affected = \"Apple iTunes before 11.0.3 on Windows\";\ntag_insight = \"Multiple flaws due to\n - Improper validation of SSL certificates.\n - Integer overflow error within the 'string.replace()' method.\n - Some vulnerabilities are due to a bundled vulnerable version of WebKit.\n - Array indexing error when handling JSArray objects.\n - Boundary error within the 'string.concat()' method.\";\ntag_solution = \"Upgrade to version 11.0.3 or later,\n For updates refer to http://www.apple.com/itunes/download\";\ntag_summary = \"This host is installed with Apple iTunes and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(803806);\n script_version(\"$Revision: 8169 $\");\n script_cve_id(\"CVE-2013-1014\", \"CVE-2013-1011\", \"CVE-2013-1010\", \"CVE-2013-1008\",\n \"CVE-2013-1007\", \"CVE-2013-1006\", \"CVE-2013-1005\", \"CVE-2013-1004\",\n \"CVE-2013-1003\", \"CVE-2013-1002\", \"CVE-2013-1001\", \"CVE-2013-1000\",\n \"CVE-2013-0999\", \"CVE-2013-0998\", \"CVE-2013-0997\", \"CVE-2013-0996\",\n \"CVE-2013-0995\", \"CVE-2013-0994\", \"CVE-2013-0993\", \"CVE-2013-0992\",\n \"CVE-2013-0991\");\n script_bugtraq_id(59941, 59974, 59976, 59977, 59970, 59973, 59972, 59971,\n 59967, 59965, 59964, 59963, 59960, 59959, 59958, 59957,\n 59956, 59955, 59954, 59953, 59944);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 09:42:31 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-06 13:03:34 +0530 (Thu, 06 Jun 2013)\");\n script_name(\"Apple iTunes Multiple Vulnerabilities - June13 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT5766\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/53471\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2013/May/msg00000.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ninfos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE );\nvers = infos['version'];\npath = infos['location'];\n\n## Check for the vulnerable version\nif( version_is_less( version:vers, test_version:\"11.0.3\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"11.0.3\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:50", "bulletinFamily": "scanner", "description": "This host is installed with Apple iTunes and is prone to\n multiple vulnerabilities.", "modified": "2019-05-17T00:00:00", "published": "2013-06-06T00:00:00", "id": "OPENVAS:1361412562310803806", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803806", "title": "Apple iTunes Multiple Vulnerabilities - June13 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple iTunes Multiple Vulnerabilities - June13 (Windows)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:itunes\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803806\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2013-1014\", \"CVE-2013-1011\", \"CVE-2013-1010\", \"CVE-2013-1008\",\n \"CVE-2013-1007\", \"CVE-2013-1006\", \"CVE-2013-1005\", \"CVE-2013-1004\",\n \"CVE-2013-1003\", \"CVE-2013-1002\", \"CVE-2013-1001\", \"CVE-2013-1000\",\n \"CVE-2013-0999\", \"CVE-2013-0998\", \"CVE-2013-0997\", \"CVE-2013-0996\",\n \"CVE-2013-0995\", \"CVE-2013-0994\", \"CVE-2013-0993\", \"CVE-2013-0992\",\n \"CVE-2013-0991\");\n script_bugtraq_id(59941, 59974, 59976, 59977, 59970, 59973, 59972, 59971,\n 59967, 59965, 59964, 59963, 59960, 59959, 59958, 59957,\n 59956, 59955, 59954, 59953, 59944);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-06-06 13:03:34 +0530 (Thu, 06 Jun 2013)\");\n script_name(\"Apple iTunes Multiple Vulnerabilities - June13 (Windows)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT5766\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/53471\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2013/May/msg00000.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_itunes_detection_win_900123.nasl\");\n script_mandatory_keys(\"iTunes/Win/Installed\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to execute arbitrary code,\n conduct Man-in-the-Middle (MitM) attack or cause heap-based buffer overflow.\");\n script_tag(name:\"affected\", value:\"Apple iTunes before 11.0.3 on Windows\");\n script_tag(name:\"insight\", value:\"Multiple flaws due to\n\n - Improper validation of SSL certificates.\n\n - Integer overflow error within the 'string.replace()' method.\n\n - Some vulnerabilities are due to a bundled vulnerable version of WebKit.\n\n - Array indexing error when handling JSArray objects.\n\n - Boundary error within the 'string.concat()' method.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 11.0.3 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes and is prone to\n multiple vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://www.apple.com/itunes/download\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);\nvers = infos['version'];\npath = infos['location'];\n\nif( version_is_less( version:vers, test_version:\"11.0.3\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"11.0.3\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:01", "bulletinFamily": "scanner", "description": "This host is installed with Apple iTunes and is prone to\n multiple vulnerabilities.", "modified": "2018-10-12T00:00:00", "published": "2013-06-06T00:00:00", "id": "OPENVAS:1361412562310803807", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803807", "title": "Apple iTunes Multiple Vulnerabilities - June13 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_itunes_mult_vuln_jun13_macosx.nasl 11865 2018-10-12 10:03:43Z cfischer $\n#\n# Apple iTunes Multiple Vulnerabilities - June13 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to execute arbitrary code,\n conduct Man-in-the-Middle (MitM) attack or cause heap-based buffer overflow.\");\n script_tag(name:\"affected\", value:\"Apple iTunes before 11.0.3 on Mac OS X\");\n script_tag(name:\"insight\", value:\"Multiple flaws due to\n\n - Improper validation of SSL certificates.\n\n - Integer overflow error within the 'string.replace()' method.\n\n - Some vulnerabilities are due to a bundled vulnerable version of WebKit.\n\n - Array indexing error when handling JSArray objects.\n\n - Boundary error within the 'string.concat()' method.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 11.0.3 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Apple iTunes and is prone to\n multiple vulnerabilities.\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.803807\");\n script_version(\"$Revision: 11865 $\");\n script_cve_id(\"CVE-2013-1014\", \"CVE-2013-1011\", \"CVE-2013-1010\", \"CVE-2013-1008\",\n \"CVE-2013-1007\", \"CVE-2013-1006\", \"CVE-2013-1005\", \"CVE-2013-1004\",\n \"CVE-2013-1003\", \"CVE-2013-1002\", \"CVE-2013-1001\", \"CVE-2013-1000\",\n \"CVE-2013-0999\", \"CVE-2013-0998\", \"CVE-2013-0997\", \"CVE-2013-0996\",\n \"CVE-2013-0995\", \"CVE-2013-0994\", \"CVE-2013-0993\", \"CVE-2013-0992\",\n \"CVE-2013-0991\");\n script_bugtraq_id(59941, 59974, 59976, 59977, 59970, 59973, 59972, 59971,\n 59967, 59965, 59964, 59963, 59960, 59959, 59958, 59957,\n 59956, 59955, 59954, 59953, 59944);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:03:43 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-06 13:03:34 +0530 (Thu, 06 Jun 2013)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_name(\"Apple iTunes Multiple Vulnerabilities - June13 (Mac OS X)\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT5766\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/53471\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2013/May/msg00000.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_itunes_detect_macosx.nasl\");\n script_mandatory_keys(\"Apple/iTunes/MacOSX/Version\");\n script_xref(name:\"URL\", value:\"http://www.apple.com/itunes/download\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nituneVer= get_kb_item(\"Apple/iTunes/MacOSX/Version\");\nif(!ituneVer){\n exit(0);\n}\n\nif(version_is_less(version:ituneVer, test_version:\"11.0.3\"))\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:11:12", "bulletinFamily": "scanner", "description": "This host is installed with Apple iTunes and is prone to\n multiple vulnerabilities.", "modified": "2017-05-11T00:00:00", "published": "2013-06-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=803807", "id": "OPENVAS:803807", "title": "Apple iTunes Multiple Vulnerabilities - June13 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_apple_itunes_mult_vuln_jun13_macosx.nasl 6104 2017-05-11 09:03:48Z teissa $\n#\n# Apple iTunes Multiple Vulnerabilities - June13 (Mac OS X)\n#\n# Authors:\n# Thanga Prakash S <tprakash@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attackers to execute arbitrary code,\n conduct Man-in-the-Middle (MitM) attack or cause heap-based buffer overflow.\n Impact Level: System/Application\";\n\ntag_summary = \"This host is installed with Apple iTunes and is prone to\n multiple vulnerabilities.\";\ntag_solution = \"Upgrade to version 11.0.3 or later,\n For updates refer to http://www.apple.com/itunes/download\";\ntag_insight = \"Multiple flaws due to\n - Improper validation of SSL certificates.\n - Integer overflow error within the 'string.replace()' method.\n - Some vulnerabilities are due to a bundled vulnerable version of WebKit.\n - Array indexing error when handling JSArray objects.\n - Boundary error within the 'string.concat()' method.\";\ntag_affected = \"Apple iTunes before 11.0.3 on Mac OS X\";\n\nif(description)\n{\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_id(803807);\n script_version(\"$Revision: 6104 $\");\n script_cve_id(\"CVE-2013-1014\", \"CVE-2013-1011\", \"CVE-2013-1010\", \"CVE-2013-1008\",\n \"CVE-2013-1007\", \"CVE-2013-1006\", \"CVE-2013-1005\", \"CVE-2013-1004\",\n \"CVE-2013-1003\", \"CVE-2013-1002\", \"CVE-2013-1001\", \"CVE-2013-1000\",\n \"CVE-2013-0999\", \"CVE-2013-0998\", \"CVE-2013-0997\", \"CVE-2013-0996\",\n \"CVE-2013-0995\", \"CVE-2013-0994\", \"CVE-2013-0993\", \"CVE-2013-0992\",\n \"CVE-2013-0991\");\n script_bugtraq_id(59941, 59974, 59976, 59977, 59970, 59973, 59972, 59971,\n 59967, 59965, 59964, 59963, 59960, 59959, 59958, 59957,\n 59956, 59955, 59954, 59953, 59944);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-11 11:03:48 +0200 (Thu, 11 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-06-06 13:03:34 +0530 (Thu, 06 Jun 2013)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_name(\"Apple iTunes Multiple Vulnerabilities - June13 (Mac OS X)\");\n\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT5766\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/53471\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2013/May/msg00000.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_itunes_detect_macosx.nasl\");\n script_mandatory_keys(\"Apple/iTunes/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nituneVer = \"\";\n\n##Get the version from kb\nituneVer= get_kb_item(\"Apple/iTunes/MacOSX/Version\");\nif(!ituneVer){\n exit(0);\n}\n\n## Check for the vulnerable version\nif(version_is_less(version:ituneVer, test_version:\"11.0.3\"))\n{\n security_message(0);\n exit(0);\n}\n\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2019-03-21T00:14:52", "bulletinFamily": "info", "description": "### *Detect date*:\n05/22/2013\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple critical vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or spoof HTTPS servers. Below is a complete list of vulnerabilities\n\n### *Affected products*:\nApple iTunes versions 11.0.2 and earlier\n\n### *Solution*:\nUpdate to latest version \n[iTunew](<https://www.apple.com/itunes/download/>)\n\n### *Original advisories*:\n[Apple bulletin](<http://support.apple.com/kb/HT5766>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iTunes](<https://threats.kaspersky.com/en/product/Apple-iTunes/>)\n\n### *CVE-IDS*:\n[CVE-2013-0992](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0992>)6.8Critical \n[CVE-2013-0999](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0999>)9.3Critical \n[CVE-2013-0993](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0993>)6.8Critical \n[CVE-2013-1014](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1014>)4.3Critical \n[CVE-2013-1006](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1006>)9.3Critical \n[CVE-2013-0991](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0991>)6.8Critical \n[CVE-2013-1001](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1001>)9.3Critical \n[CVE-2013-0997](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0997>)6.8Critical \n[CVE-2013-1003](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1003>)9.3Critical \n[CVE-2013-1008](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1008>)9.3Critical \n[CVE-2013-0996](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0996>)6.8Critical \n[CVE-2013-0998](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0998>)6.8Critical \n[CVE-2013-0995](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0995>)6.8Critical \n[CVE-2013-1002](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1002>)9.3Critical \n[CVE-2013-0994](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0994>)6.8Critical \n[CVE-2013-1005](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1005>)9.3Critical \n[CVE-2013-1004](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1004>)9.3Critical \n[CVE-2013-1010](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1010>)9.3Critical \n[CVE-2013-1011](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1011>)6.8Critical \n[CVE-2013-1007](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1007>)9.3Critical \n[CVE-2013-1000](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1000>)9.3Critical", "modified": "2019-03-07T00:00:00", "published": "2013-05-22T00:00:00", "id": "KLA10076", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10076", "title": "\r KLA10076Multiple vulnerabilities in Apple iTunes ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:51", "bulletinFamily": "software", "description": "Multiple memory corruptions and crossite scripting.", "modified": "2013-06-17T00:00:00", "published": "2013-06-17T00:00:00", "id": "SECURITYVULNS:VULN:13127", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13127", "title": "WebKit / Apple Safari multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:48", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2013-06-04-2 Safari 6.0.5\r\n\r\nSafari 6.0.5 is now available and addresses the following:\r\n\r\nWebKit\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.3\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2013-0879 : Atte Kettunen of OUSPG\r\nCVE-2013-0991 : Jay Civelli of the Chromium development community\r\nCVE-2013-0992 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-0993 : Google Chrome Security Team (Inferno)\r\nCVE-2013-0994 : David German of Google\r\nCVE-2013-0995 : Google Chrome Security Team (Inferno)\r\nCVE-2013-0996 : Google Chrome Security Team (Inferno)\r\nCVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative\r\nCVE-2013-0998 : pa_kt working with HP's Zero Day Initiative\r\nCVE-2013-0999 : pa_kt working with HP's Zero Day Initiative\r\nCVE-2013-1000 : Fermin J. Serna of the Google Security Team\r\nCVE-2013-1001 : Ryan Humenick\r\nCVE-2013-1002 : Sergey Glazunov\r\nCVE-2013-1003 : Google Chrome Security Team (Inferno)\r\nCVE-2013-1004 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-1005 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-1006 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-1007 : Google Chrome Security Team (Inferno)\r\nCVE-2013-1008 : Sergey Glazunov\r\nCVE-2013-1009 : Apple\r\nCVE-2013-1010 : miaubiz\r\nCVE-2013-1011 : Google Chrome Security Team (Inferno)\r\nCVE-2013-1023 : Google Chrome Security Team (Inferno)\r\n\r\nWebKit\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.3\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-site scripting issue existed in the handling of\r\niframes. This issue was addressed through improved origin tracking.\r\nCVE-ID\r\nCVE-2013-1012 : Subodh Iyengar and Erling Ellingsen of Facebook\r\n\r\nWebKit\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.3\r\nImpact: Copying and pasting a malicious HTML snippet may lead to a\r\ncross-site scripting attack\r\nDescription: A cross-site scripting issue existed in the handling of\r\ncopied and pasted data in HTML documents. This issue was addressed\r\nthrough additional validation of pasted content.\r\nCVE-ID\r\nCVE-2013-0926 : Aditya Gupta, Subho Halder, and Dev Kar of xys3c\r\n(xysec.com)\r\n\r\nWebKit\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.3\r\nImpact: Following a maliciously crafted link could lead to\r\nunexpected behavior on the target site\r\nDescription: XSS Auditor may rewrite URLs to prevent cross-site\r\nscripting attacks. This may lead to a malicious alteration of the\r\nbehavior of a form submission. This issue was addressed through\r\nimproved validation of URLs.\r\nCVE-ID\r\nCVE-2013-1013 : Sam Power of Pentest Limited\r\n\r\n\r\nFor OS X Lion systems Safari 6.0.5 is available via\r\nthe Apple Software Update application.\r\n\r\nFor OS X Mountain Lion systems Safari 6.0.5 is included with\r\nOS X v10.8.4.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJRrjeeAAoJEPefwLHPlZEwCm4P/3WseW2DFgYieiAHghpGQ07e\r\n/XuNWzqld4CpXyFUQDkw55DU1Y9dVIIl663rSR0VyXJDB5dMh6iHEBRHX4tarGym\r\nbeZS0cDuakospFtX4MZgcKXu/8cV7b8lq9tzqH0pL419a61Fjhm1eRfDeM3snXkO\r\nkNCRi3nqOCmMroUiY+cJlKHi1x/t+2whISSM3QsIgpU5yyjEU3neMy2TPjuxC48h\r\nXZr9XaDX5cztv0MWCX+jkv+OpYPxVtPxBVw6rPLaX2eg7iwBM6yDbLF5i/4oY06t\r\nHzF2uCk8TlbFdk05Cr7HxmYV2qBei8VkcO1Mc4Ij3v3Q9iiKBRkr+d0CYQ1HSkrY\r\nigfCmfDiEpaKZfzCgwRsVFZ/UhuXTDipTFIzKrZSlbsglVyIQJtKVyyWEZDOKcYL\r\nkKCAS+ep0UyFIyeCCjFknd2hMneMR7a4u2XGJm1VtfRCA+ed3Cr0ROS+O9viGjYi\r\nQcm+2yzlWg9vpfojv+uX+aqh6IsprhfqXuF4ypM6D98IQ3fJqx9a0tVIPniFaLuP\r\nO39M+UGtPLAw7BMiKkb4XyEajKFwJt1pfddWkC1YjKjtyRGf62BDOtY2KqEsyzpF\r\n5nOzM3Vc+3urbur+69oqJLwRwC/PHkh1ym3LjrmqUW7+okckIGCQGt3iUwIWNKhp\r\n2YgKISKdQYxVSfkzkqYY\r\n=jk2e\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2013-06-17T00:00:00", "published": "2013-06-17T00:00:00", "id": "SECURITYVULNS:DOC:29465", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29465", "title": "APPLE-SA-2013-06-04-2 Safari 6.0.5", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:48", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2013-05-16-1 iTunes 11.0.3\r\n\r\niTunes 11.0.3 is now available and addresses the following:\r\n\r\niTunes\r\nAvailable for: Mac OS X v10.6.8 or later, Windows 7, Vista,\r\nXP SP2 or later\r\nImpact: An attacker in a privileged network position may manipulate\r\nHTTPS server certificates, leading to the disclosure of sensitive\r\ninformation\r\nDescription: A certificate validation issue existed in iTunes. In\r\ncertain contexts, an active network attacker could present untrusted\r\ncertificates to iTunes and they would be accepted without warning.\r\nThis issue was resolved by improved certificate validation.\r\nCVE-ID\r\nCVE-2013-1014 : Christopher of ThinkSECURE Pte Ltd, Christopher\r\nHickstein of University of Minnesota\r\n\r\niTunes\r\nAvailable for: Windows 7, Vista, XP SP2 or later\r\nImpact: A man-in-the-middle attack while browsing the iTunes Store\r\nvia iTunes may lead to an unexpected application termination or\r\narbitrary code executionn\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2012-2824 : miaubiz\r\nCVE-2012-2857 : Arthur Gerkis\r\nCVE-2012-3748 : Joost Pol and Daan Keuper of Certified Secure working\r\nwith HP TippingPoint's Zero Day Initiative\r\nCVE-2012-5112 : Pinkie Pie working with Google's Pwnium 2 contest\r\nCVE-2013-0879 : Atte Kettunen of OUSPG\r\nCVE-2013-0912 : Nils and Jon from MWR Labs working with HP\r\nTippingPoint's Zero Day Initiative\r\nCVE-2013-0948 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2013-0949 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2013-0950 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2013-0951 : Apple\r\nCVE-2013-0952 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2013-0953 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2013-0954 : Dominic Cooney of Google and Martin Barbella of the\r\nGoogle Chrome Security Team\r\nCVE-2013-0955 : Apple\r\nCVE-2013-0956 : Apple Product Security\r\nCVE-2013-0958 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2013-0959 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2013-0960 : Apple\r\nCVE-2013-0961 : wushi of team509 working with iDefense VCP\r\nCVE-2013-0991 : Jay Civelli of the Chromium development community\r\nCVE-2013-0992 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-0993 : Google Chrome Security Team (Inferno)\r\nCVE-2013-0994 : David German of Google\r\nCVE-2013-0995 : Google Chrome Security Team (Inferno)\r\nCVE-2013-0996 : Google Chrome Security Team (Inferno)\r\nCVE-2013-0997 : Vitaliy Toropov working with HP TippingPoint's Zero\r\nDay Initiative\r\nCVE-2013-0998 : pa_kt working with HP TippingPoint's Zero Day\r\nInitiative\r\nCVE-2013-0999 : pa_kt working with HP TippingPoint's Zero Day\r\nInitiative\r\nCVE-2013-1000 : Fermin J. Serna of the Google Security Team\r\nCVE-2013-1001 : Ryan Humenick\r\nCVE-2013-1002 : Sergey Glazunov\r\nCVE-2013-1003 : Google Chrome Security Team (Inferno)\r\nCVE-2013-1004 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-1005 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-1006 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-1007 : Google Chrome Security Team (Inferno)\r\nCVE-2013-1008 : Sergey Glazunov\r\nCVE-2013-1010 : miaubiz\r\nCVE-2013-1011 : Google Chrome Security Team (Inferno)\r\n\r\n\r\niTunes 11.0.3 may be obtained from:\r\nhttp://www.apple.com/itunes/download/\r\n\r\nFor OS X:\r\nThe download file is named: "iTunes11.0.3.dmg"\r\nIts SHA-1 digest is: 83f4afc5d3b5698c811c87c27b975824116bbf1d\r\n\r\nFor Windows XP / Vista / Windows 7:\r\nThe download file is named: "iTunesSetup.exe"\r\nIts SHA-1 digest is: 1e95101b584762b3c46ab597c115cd86bfd45d64\r\n\r\nFor 64-bit Windows XP / Vista / Windows 7:\r\nThe download file is named: "iTunes64Setup.exe"\r\nIts SHA-1 digest is: 6669044bd50c1f753c8412a02556a70be09fd9f8\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJRlQ9KAAoJEPefwLHPlZEwbhcP+QHZGEAVCTw4+Z5k67ninaCS\r\nBV11pa8iySzuv0XZ9Se+CsI37IT1P3bVqEw/A+1i989Q00kaGCBNyt9m65krxNVX\r\nEhFLB8IxCfZqpM4C8ENhOkrY05iOfLx/DW7ioYM9TGTckpb6ayKkUBHkqn+bY3Hq\r\nb9rVeulzPfNsm1QtNp9eRGAL5Kq8vgEAlrMebUF1vOQ8CvGoGNplk0xRBm3Wg0im\r\ngCal7A/fwp9OQUnmlUMeASgbX+Q94ytM6RbPVXwiL1ghTK4bO2LEW1PXdp58cWhv\r\nkNtqO8eOokMl6wwLI6T69GmyfvoL7p5FcDRvuLCtzf2R9j6JgkXYMamP2Mbpr4d3\r\nxlNS2slJQfyRVELnJOv8bxl7Fi2EpBQtUe4WRk7StNWf34kwAb7lWUd1amfIWNcp\r\nlZSojjpShrA7zz82FZxt3q79Tq7Y398FH7ObcJVCWdbCI89TsoBujkP/P6lcp6mz\r\nTnRVLZq6xWnWz1SUsvM5qBfb1LjUREvKDc1anWVaiqW2BJEF0Mc87hkyL5q6YrIv\r\nVyUFBT5cJIqAKUD7MzsUjDMIsyXALVyj9zh1lJ0+c8QdCjPetk8tUg6TCun0nw95\r\nnkFYZJcHDZVLzn8rC/GoE2x8CwhFwN8ATzeS/zV9vxTJ1sHBN+ewkez8i8YTIj+y\r\n9M/53y+vsPwrcmmXCS3o\r\n=eN5K\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2013-05-27T00:00:00", "published": "2013-05-27T00:00:00", "id": "SECURITYVULNS:DOC:29426", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29426", "title": "APPLE-SA-2013-05-16-1 iTunes 11.0.3", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:51", "bulletinFamily": "software", "description": "Certificate validation vulnerability, multiple memory corruptions.", "modified": "2013-05-27T00:00:00", "published": "2013-05-27T00:00:00", "id": "SECURITYVULNS:VULN:13092", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13092", "title": "Apple iTunes multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2013-09-20-1 Apple TV 6.0\r\n\r\nApple TV 6.0 is now available and addresses the following:\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of JBIG2\r\nencoded data in PDF files. This issue was addressed through\r\nadditional bounds checking.\r\nCVE-ID\r\nCVE-2013-1025 : Felix Groebert of the Google Security Team\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of Sorenson\r\nencoded movie files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)\r\nworking with HP's Zero Day Initiative\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: An attacker with a privileged network position may intercept\r\nuser credentials or other sensitive information\r\nDescription: TrustWave, a trusted root CA, has issued, and\r\nsubsequently revoked, a sub-CA certificate from one of its trusted\r\nanchors. This sub-CA facilitated the interception of communications\r\nsecured by Transport Layer Security (TLS). This update added the\r\ninvolved sub-CA certificate to OS X's list of untrusted certificates.\r\nCVE-ID\r\nCVE-2013-5134\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: An attacker who has arbitrary code execution on a device may\r\nbe able to persist code execution across reboots\r\nDescription: Multiple buffer overflows existed in dyld's\r\nopenSharedCacheFile() function. These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2013-3950 : Stefan Esser\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of JPEG2000\r\nencoded data in PDF files. This issue was addressed through\r\nadditional bounds checking.\r\nCVE-ID\r\nCVE-2013-1026 : Felix Groebert of the Google Security Team\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: A malicious local application could cause an unexpected\r\nsystem termination\r\nDescription: A null pointer dereference existed in IOCatalogue.\r\nThe issue was addressed through additional type checking.\r\nCVE-ID\r\nCVE-2013-5138 : Will Estes\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Executing a malicious application may result in arbitrary\r\ncode execution within the kernel\r\nDescription: An out of bounds array access existed in the\r\nIOSerialFamily driver. This issue was addressed through additional\r\nbounds checking.\r\nCVE-ID\r\nCVE-2013-5139 : @dent1zt\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: A remote attacker can cause a device to unexpectedly restart\r\nDescription: Sending an invalid packet fragment to a device can\r\ncause a kernel assert to trigger, leading to a device restart. The\r\nissue was addressed through additional validation of packet\r\nfragments.\r\nCVE-ID\r\nCVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous\r\nresearcher working with CERT-FI, Antti LevomAki and Lauri Virtanen\r\nof Vulnerability Analysis Group, Stonesoft\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: An attacker on a local network can cause a denial of service\r\nDescription: An attacker on a local network can send specially\r\ncrafted IPv6 ICMP packets and cause high CPU load. The issue was\r\naddressed by rate limiting ICMP packets before verifying their\r\nchecksum.\r\nCVE-ID\r\nCVE-2011-2391 : Marc Heuse\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Kernel stack memory may be disclosed to local users\r\nDescription: An information disclosure issue existed in the msgctl\r\nand segctl APIs. This issue was addressed by initializing data\r\nstructures returned from the kernel.\r\nCVE-ID\r\nCVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Unprivileged processes could get access to the contents of\r\nkernel memory which could lead to privilege escalation\r\nDescription: An information disclosure issue existed in the\r\nmach_port_space_info API. This issue was addressed by initializing\r\nthe iin_collision field in structures returned from the kernel.\r\nCVE-ID\r\nCVE-2013-3953 : Stefan Esser\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Unprivileged processes may be able to cause an unexpected\r\nsystem termination or arbitrary code execution in the kernel\r\nDescription: A memory corruption issue existed in the handling of\r\narguments to the posix_spawn API. This issue was addressed through\r\nadditional bounds checking.\r\nCVE-ID\r\nCVE-2013-3954 : Stefan Esser\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: An unauthorized process may modify the set of loaded kernel\r\nextensions\r\nDescription: An issue existed in kextd's handling of IPC messages\r\nfrom unauthenticated senders. This issue was addressed by adding\r\nadditional authorization checks.\r\nCVE-ID\r\nCVE-2013-5145 : "Rainbow PRISM"\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Viewing a maliciously crafted web page may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in libxml.\r\nThese issues were addressed by updating libxml to version 2.9.0.\r\nCVE-ID\r\nCVE-2011-3102 : Juri Aedla\r\nCVE-2012-0841\r\nCVE-2012-2807 : Juri Aedla\r\nCVE-2012-5134 : Google Chrome Security Team (Juri Aedla)\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Viewing a maliciously crafted web page may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in libxslt.\r\nThese issues were addressed by updating libxslt to version 1.1.28.\r\nCVE-ID\r\nCVE-2012-2825 : Nicolas Gregoire\r\nCVE-2012-2870 : Nicolas Gregoire\r\nCVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas\r\nGregoire\r\n\r\nApple TV\r\nAvailable for: Apple TV 2nd generation and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2013-0879 : Atte Kettunen of OUSPG\r\nCVE-2013-0991 : Jay Civelli of the Chromium development community\r\nCVE-2013-0992 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-0993 : Google Chrome Security Team (Inferno)\r\nCVE-2013-0994 : David German of Google\r\nCVE-2013-0995 : Google Chrome Security Team (Inferno)\r\nCVE-2013-0996 : Google Chrome Security Team (Inferno)\r\nCVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative\r\nCVE-2013-0998 : pa_kt working with HP's Zero Day Initiative\r\nCVE-2013-0999 : pa_kt working with HP's Zero Day Initiative\r\nCVE-2013-1000 : Fermin J. Serna of the Google Security Team\r\nCVE-2013-1001 : Ryan Humenick\r\nCVE-2013-1002 : Sergey Glazunov\r\nCVE-2013-1003 : Google Chrome Security Team (Inferno)\r\nCVE-2013-1004 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-1005 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-1006 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-1007 : Google Chrome Security Team (Inferno)\r\nCVE-2013-1008 : Sergey Glazunov\r\nCVE-2013-1010 : miaubiz\r\nCVE-2013-1011\r\nCVE-2013-1037 : Google Chrome Security Team\r\nCVE-2013-1038 : Google Chrome Security Team\r\nCVE-2013-1039 : own-hero Research working with iDefense VCP\r\nCVE-2013-1040 : Google Chrome Security Team\r\nCVE-2013-1041 : Google Chrome Security Team\r\nCVE-2013-1042 : Google Chrome Security Team\r\nCVE-2013-1043 : Google Chrome Security Team\r\nCVE-2013-1044 : Apple\r\nCVE-2013-1045 : Google Chrome Security Team\r\nCVE-2013-1046 : Google Chrome Security Team\r\nCVE-2013-1047 : miaubiz\r\nCVE-2013-2842 : Cyril Cattiaux\r\nCVE-2013-5125 : Google Chrome Security Team\r\nCVE-2013-5126 : Apple\r\nCVE-2013-5127 : Google Chrome Security Team\r\nCVE-2013-5128 : Apple\r\n\r\n\r\nInstallation note:\r\n\r\nApple TV will periodically check for software updates. Alternatively,\r\nyou may manually check for software updates by selecting\r\n"Settings -> General -> Update Software".\r\n\r\nTo check the current version of software, select\r\n"Settings -> General -> About".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJSPKFKAAoJEPefwLHPlZEwbNcP/352LQ8RLNL4kdQN7HkNV4lE\r\nF4r9LGM+SUyUHaXO/mUDGZxodhsLYdEVPZ9gYAkecbxqYBRw8vHiXtRHIwMdl92I\r\nOWIAtr5Zbd55Dv9hH7SvC9ji4bA+I+8AScVZkkXIresh8fRlkID/KxM9Z8ImgVpz\r\nb3pmFAfI35VaEdsefjX32f9p9SAEq58qi+59LVVjwnMu1/29zbvQlVatYz5+ISaz\r\nLiBIV8zCpeDiaa3M+VmHQFR8CRjlDHinEs55wlFsKITQ29iABAO4hHQJg5+djPwo\r\ntWZo6nVEuMhbwTL9xHKFriwmsio17Ky/qdJu1+c6nBfz/Wu2SqqtgwQTJXgOEU6N\r\nG7N3bvLpaTE7rtPRmeFrXg79wfKVGgwu1OwYvTDnMQ7VcI9Oal2akSBDzEMHXHVN\r\nwvUDbXAU2Ya+Ii46kgm5Xbbhr4yw2ckbuY7/b4w7S1iPFLGgk29vQK0wazF8yj/E\r\nyoPLWgTUgQLwWldvxHX/XcOTSXAlf2tOvWz257DMqoqT8brQ6a5CjAvTDHRRRFau\r\npOkzb3hV/C4Rx/8L+O/NVYLH4RmWhyjqfzKLvIYGTM1w8AoBKqvNcUitlwDMQTyw\r\nd9dhdaD6WbqOh9SC4qj3Nr6LijRr4Elgp+HUBlBmvnanS26zUsynXRYy1bvnJ3Po\r\nXp07MGtHmSPNt4ShV2XP\r\n=G8s7\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2013-10-02T00:00:00", "published": "2013-10-02T00:00:00", "id": "SECURITYVULNS:DOC:29865", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29865", "title": "APPLE-SA-2013-09-20-1 Apple TV 6.0", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "description": "Multiple vulnerabilities in differen subsystems.", "modified": "2013-10-02T00:00:00", "published": "2013-10-02T00:00:00", "id": "SECURITYVULNS:VULN:13312", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13312", "title": "Apple TV multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2013-09-18-2 iOS 7\r\n\r\niOS 7 is now available and addresses the following:\r\n\r\nCertificate Trust Policy\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Root certificates have been updated\r\nDescription: Several certificates were added to or removed from the\r\nlist of system roots.\r\n\r\nCoreGraphics\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of JBIG2\r\nencoded data in PDF files. This issue was addressed through\r\nadditional bounds checking.\r\nCVE-ID\r\nCVE-2013-1025 : Felix Groebert of the Google Security Team\r\n\r\nCoreMedia\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Playing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of Sorenson\r\nencoded movie files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)\r\nworking with HP's Zero Day Initiative\r\n\r\nData Protection\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Apps could bypass passcode-attempt restrictions\r\nDescription: A privilege separation issue existed in Data\r\nProtection. An app within the third-party sandbox could repeatedly\r\nattempt to determine the user's passcode regardless of the user's\r\n"Erase Data" setting. This issue was addressed by requiring\r\nadditional entitlement checks.\r\nCVE-ID\r\nCVE-2013-0957 : Jin Han of the Institute for Infocomm Research\r\nworking with Qiang Yan and Su Mon Kywe of Singapore Management\r\nUniversity\r\n\r\nData Security\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker with a privileged network position may intercept\r\nuser credentials or other sensitive information\r\nDescription: TrustWave, a trusted root CA, has issued, and\r\nsubsequently revoked, a sub-CA certificate from one of its trusted\r\nanchors. This sub-CA facilitated the interception of communications\r\nsecured by Transport Layer Security (TLS). This update added the\r\ninvolved sub-CA certificate to OS X's list of untrusted certificates.\r\nCVE-ID\r\nCVE-2013-5134\r\n\r\ndyld\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker who has arbitrary code execution on a device may\r\nbe able to persist code execution across reboots\r\nDescription: Multiple buffer overflows existed in dyld's\r\nopenSharedCacheFile() function. These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2013-3950 : Stefan Esser\r\n\r\nFile Systems\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker who can mount a non-HFS filesystem may be able\r\nto cause an unexpected system termination or arbitrary code execution\r\nwith kernel privileges\r\nDescription: A memory corruption issue existed in the handling of\r\nAppleDouble files. This issue was addressed by removing support for\r\nAppleDouble files.\r\nCVE-ID\r\nCVE-2013-3955 : Stefan Esser\r\n\r\nImageIO\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of JPEG2000\r\nencoded data in PDF files. This issue was addressed through\r\nadditional bounds checking.\r\nCVE-ID\r\nCVE-2013-1026 : Felix Groebert of the Google Security Team\r\n\r\nIOKit\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Background applications could inject user interface events\r\ninto the foreground app\r\nDescription: It was possible for background applications to inject\r\nuser interface events into the foreground application using the task\r\ncompletion or VoIP APIs. This issue was addressed by enforcing access\r\ncontrols on foreground and background processes that handle interface\r\nevents.\r\nCVE-ID\r\nCVE-2013-5137 : Mackenzie Straight at Mobile Labs\r\n\r\nIOKitUser\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious local application could cause an unexpected\r\nsystem termination\r\nDescription: A null pointer dereference existed in IOCatalogue.\r\nThe issue was addressed through additional type checking.\r\nCVE-ID\r\nCVE-2013-5138 : Will Estes\r\n\r\nIOSerialFamily\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Executing a malicious application may result in arbitrary\r\ncode execution within the kernel\r\nDescription: An out of bounds array access existed in the\r\nIOSerialFamily driver. This issue was addressed through additional\r\nbounds checking.\r\nCVE-ID\r\nCVE-2013-5139 : @dent1zt\r\n\r\nIPSec\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker may intercept data protected with IPSec Hybrid\r\nAuth\r\nDescription: The DNS name of an IPSec Hybrid Auth server was not\r\nbeing matched against the certificate, allowing an attacker with a\r\ncertificate for any server to impersonate any other. This issue was\r\naddressed by improved certificate checking.\r\nCVE-ID\r\nCVE-2013-1028 : Alexander Traud of www.traud.de\r\n\r\nKernel\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A remote attacker can cause a device to unexpectedly restart\r\nDescription: Sending an invalid packet fragment to a device can\r\ncause a kernel assert to trigger, leading to a device restart. The\r\nissue was addressed through additional validation of packet\r\nfragments.\r\nCVE-ID\r\nCVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous\r\nresearcher working with CERT-FI, Antti LevomAki and Lauri Virtanen\r\nof Vulnerability Analysis Group, Stonesoft\r\n\r\nKernel\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious local application could cause device hang\r\nDescription: An integer truncation vulnerability in the kernel\r\nsocket interface could be leveraged to force the CPU into an infinite\r\nloop. The issue was addressed by using a larger sized variable.\r\nCVE-ID\r\nCVE-2013-5141 : CESG\r\n\r\nKernel\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker on a local network can cause a denial of service\r\nDescription: An attacker on a local network can send specially\r\ncrafted IPv6 ICMP packets and cause high CPU load. The issue was\r\naddressed by rate limiting ICMP packets before verifying their\r\nchecksum.\r\nCVE-ID\r\nCVE-2011-2391 : Marc Heuse\r\n\r\nKernel\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Kernel stack memory may be disclosed to local users\r\nDescription: An information disclosure issue existed in the msgctl\r\nand segctl APIs. This issue was addressed by initializing data\r\nstructures returned from the kernel.\r\nCVE-ID\r\nCVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc\r\n\r\nKernel\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Unprivileged processes could get access to the contents of\r\nkernel memory which could lead to privilege escalation\r\nDescription: An information disclosure issue existed in the\r\nmach_port_space_info API. This issue was addressed by initializing\r\nthe iin_collision field in structures returned from the kernel.\r\nCVE-ID\r\nCVE-2013-3953 : Stefan Esser\r\n\r\nKernel\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Unprivileged processes may be able to cause an unexpected\r\nsystem termination or arbitrary code execution in the kernel\r\nDescription: A memory corruption issue existed in the handling of\r\narguments to the posix_spawn API. This issue was addressed through\r\nadditional bounds checking.\r\nCVE-ID\r\nCVE-2013-3954 : Stefan Esser\r\n\r\nKext Management\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An unauthorized process may modify the set of loaded kernel\r\nextensions\r\nDescription: An issue existed in kextd's handling of IPC messages\r\nfrom unauthenticated senders. This issue was addressed by adding\r\nadditional authorization checks.\r\nCVE-ID\r\nCVE-2013-5145 : "Rainbow PRISM"\r\n\r\nlibxml\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted web page may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in libxml.\r\nThese issues were addressed by updating libxml to version 2.9.0.\r\nCVE-ID\r\nCVE-2011-3102 : Juri Aedla\r\nCVE-2012-0841\r\nCVE-2012-2807 : Juri Aedla\r\nCVE-2012-5134 : Google Chrome Security Team (Juri Aedla)\r\n\r\nlibxslt\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted web page may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in libxslt.\r\nThese issues were addressed by updating libxslt to version 1.1.28.\r\nCVE-ID\r\nCVE-2012-2825 : Nicolas Gregoire\r\nCVE-2012-2870 : Nicolas Gregoire\r\nCVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas\r\nGregoire\r\n\r\nPasscode Lock\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to the device may be able to\r\nbypass the screen lock\r\nDescription: A race condition issue existed in the handling of phone\r\ncalls and SIM card ejection at the lock screen. This issue was\r\naddressed through improved lock state management.\r\nCVE-ID\r\nCVE-2013-5147 : videosdebarraquito\r\n\r\nPersonal Hotspot\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker may be able to join a Personal Hotspot network\r\nDescription: An issue existed in the generation of Personal Hotspot\r\npasswords, resulting in passwords that could be predicted by an\r\nattacker to join a user's Personal Hotspot. The issue was addressed\r\nby generating passwords with higher entropy.\r\nCVE-ID\r\nCVE-2013-4616 : Andreas Kurtz of NESO Security Labs and Daniel Metz\r\nof University Erlangen-Nuremberg\r\n\r\nPush Notifications\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: The push notification token may be disclosed to an app\r\ncontrary to the user's decision\r\nDescription: An information disclosure issue existed in push\r\nnotification registration. Apps requesting access to the push\r\nnotification access received the token before the user approved the\r\napp's use of push notifications. This issue was addressed by\r\nwithholding access to the token until the user has approved access.\r\nCVE-ID\r\nCVE-2013-5149 : Jack Flintermann of Grouper, Inc.\r\n\r\nSafari\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\nXML files. This issue was addressed through additional bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2013-1036 : Kai Lu of Fortinet's FortiGuard Labs\r\n\r\nSafari\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: History of pages recently visited in an open tab may remain\r\nafter clearing of history\r\nDescription: Clearing Safari's history did not clear the\r\nback/forward history for open tabs. This issue was addressed by\r\nclearing the back/forward history.\r\nCVE-ID\r\nCVE-2013-5150\r\n\r\nSafari\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing files on a website may lead to script execution even\r\nwhen the server sends a 'Content-Type: text/plain' header\r\nDescription: Mobile Safari sometimes treated files as HTML files\r\neven when the server sent a 'Content-Type: text/plain' header. This\r\nmay lead to cross-site scripting on sites that allow users to upload\r\nfiles. This issue was addressed through improved handling of files\r\nwhen 'Content-Type: text/plain' is set.\r\nCVE-ID\r\nCVE-2013-5151 : Ben Toews of Github\r\n\r\nSafari\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a malicious website may allow an arbitrary URL to\r\nbe displayed\r\nDescription: A URL bar spoofing issue existed in Mobile Safari. This\r\nissue was addressed through improved URL tracking.\r\nCVE-ID\r\nCVE-2013-5152 : Keita Haga of keitahaga.com, Lukasz Pilorz of RBS\r\n\r\nSandbox\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Applications that are scripts were not sandboxed\r\nDescription: Third-party applications which used the #! syntax to\r\nrun a script were sandboxed based on the identity of the script\r\ninterpreter, not the script. The interpreter may not have a sandbox\r\ndefined, leading to the application being run unsandboxed. This issue\r\nwas addressed by creating the sandbox based on the identity of the\r\nscript.\r\nCVE-ID\r\nCVE-2013-5154 : evad3rs\r\n\r\nSandbox\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Applications can cause a system hang\r\nDescription: Malicious third-party applications that wrote specific\r\nvalues to the /dev/random device could force the CPU to enter an\r\ninfinite loop. This issue was addressed by preventing third-party\r\napplications from writing to /dev/random.\r\nCVE-ID\r\nCVE-2013-5155 : CESG\r\n\r\nSocial\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Users recent Twitter activity could be disclosed on devices\r\nwith no passcode.\r\nDescription: An issue existed where it was possible to determine\r\nwhat Twitter accounts a user had recently interacted with. This issue\r\nwas resolved by restricting access to the Twitter icon cache.\r\nCVE-ID\r\nCVE-2013-5158 : Jonathan Zdziarski\r\n\r\nSpringboard\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to a device in Lost Mode may\r\nbe able to view notifications\r\nDescription: An issue existed in the handling of notifications when\r\na device is in Lost Mode. This update addresses the issue with\r\nimproved lock state management.\r\nCVE-ID\r\nCVE-2013-5153 : Daniel Stangroom\r\n\r\nTelephony\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Malicious apps could interfere with or control telephony\r\nfunctionality\r\nDescription: An access control issue existed in the telephony\r\nsubsystem. Bypassing supported APIs, sandboxed apps could make\r\nrequests directly to a system daemon interfering with or controlling\r\ntelephony functionality. This issue was addressed by enforcing access\r\ncontrols on interfaces exposed by the telephony daemon.\r\nCVE-ID\r\nCVE-2013-5156 : Jin Han of the Institute for Infocomm Research\r\nworking with Qiang Yan and Su Mon Kywe of Singapore Management\r\nUniversity; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke\r\nLee from the Georgia Institute of Technology\r\n\r\nTwitter\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Sandboxed apps could send tweets without user interaction or\r\npermission\r\nDescription: An access control issue existed in the Twitter\r\nsubsystem. Bypassing supported APIs, sandboxed apps could make\r\nrequests directly to a system daemon interfering with or controlling\r\nTwitter functionality. This issue was addressed by enforcing access\r\ncontrols on interfaces exposed by the Twitter daemon.\r\nCVE-ID\r\nCVE-2013-5157 : Jin Han of the Institute for Infocomm Research\r\nworking with Qiang Yan and Su Mon Kywe of Singapore Management\r\nUniversity; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke\r\nLee from the Georgia Institute of Technology\r\n\r\nWebKit\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2013-0879 : Atte Kettunen of OUSPG\r\nCVE-2013-0991 : Jay Civelli of the Chromium development community\r\nCVE-2013-0992 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-0993 : Google Chrome Security Team (Inferno)\r\nCVE-2013-0994 : David German of Google\r\nCVE-2013-0995 : Google Chrome Security Team (Inferno)\r\nCVE-2013-0996 : Google Chrome Security Team (Inferno)\r\nCVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative\r\nCVE-2013-0998 : pa_kt working with HP's Zero Day Initiative\r\nCVE-2013-0999 : pa_kt working with HP's Zero Day Initiative\r\nCVE-2013-1000 : Fermin J. Serna of the Google Security Team\r\nCVE-2013-1001 : Ryan Humenick\r\nCVE-2013-1002 : Sergey Glazunov\r\nCVE-2013-1003 : Google Chrome Security Team (Inferno)\r\nCVE-2013-1004 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-1005 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-1006 : Google Chrome Security Team (Martin Barbella)\r\nCVE-2013-1007 : Google Chrome Security Team (Inferno)\r\nCVE-2013-1008 : Sergey Glazunov\r\nCVE-2013-1010 : miaubiz\r\nCVE-2013-1037 : Google Chrome Security Team\r\nCVE-2013-1038 : Google Chrome Security Team\r\nCVE-2013-1039 : own-hero Research working with iDefense VCP\r\nCVE-2013-1040 : Google Chrome Security Team\r\nCVE-2013-1041 : Google Chrome Security Team\r\nCVE-2013-1042 : Google Chrome Security Team\r\nCVE-2013-1043 : Google Chrome Security Team\r\nCVE-2013-1044 : Apple\r\nCVE-2013-1045 : Google Chrome Security Team\r\nCVE-2013-1046 : Google Chrome Security Team\r\nCVE-2013-1047 : miaubiz\r\nCVE-2013-2842 : Cyril Cattiaux\r\nCVE-2013-5125 : Google Chrome Security Team\r\nCVE-2013-5126 : Apple\r\nCVE-2013-5127 : Google Chrome Security Team\r\nCVE-2013-5128 : Apple\r\n\r\nWebKit\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a malicious website may lead to information\r\ndisclosure\r\nDescription: An information disclosure issue existed in the handling\r\nof the window.webkitRequestAnimationFrame() API. A maliciously\r\ncrafted website could use an iframe to determine if another site used\r\nwindow.webkitRequestAnimationFrame(). This issue was addressed\r\nthrough improved handling of window.webkitRequestAnimationFrame().\r\nCVE-ID\r\nCVE-2013-5159\r\n\r\nWebKit\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Copying and pasting a malicious HTML snippet may lead to a\r\ncross-site scripting attack\r\nDescription: A cross-site scripting issue existed in the handling of\r\ncopied and pasted data in HTML documents. This issue was addressed\r\nthrough additional validation of pasted content.\r\nCVE-ID\r\nCVE-2013-0926 : Aditya Gupta, Subho Halder, and Dev Kar of xys3c\r\n(xysec.com)\r\n\r\nWebKit\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-site scripting issue existed in the handling of\r\niframes. This issue was addressed through improved origin tracking.\r\nCVE-ID\r\nCVE-2013-1012 : Subodh Iyengar and Erling Ellingsen of Facebook\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\ninformation disclosure\r\nDescription: An information disclosure issue existed in XSSAuditor.\r\nThis issue was addressed through improved handling of URLs.\r\nCVE-ID\r\nCVE-2013-2848 : Egor Homakov\r\n\r\nWebKit\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Dragging or pasting a selection may lead to a cross-site\r\nscripting attack\r\nDescription: Dragging or pasting a selection from one site to\r\nanother may allow scripts contained in the selection to be executed\r\nin the context of the new site. This issue is addressed through\r\nadditional validation of content before a paste or a drag and drop\r\noperation.\r\nCVE-ID\r\nCVE-2013-5129 : Mario Heiderich\r\n\r\nWebKit\r\nAvailable for: iPhone 4 and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-site scripting issue existed in the handling of\r\nURLs. This issue was addressed through improved origin tracking.\r\nCVE-ID\r\nCVE-2013-5131 : Erling A Ellingsen\r\n\r\n\r\nInstallation note:\r\n\r\nThis update is available through iTunes and Software Update on your\r\niOS device, and will not appear in your computer's Software Update\r\napplication, or in the Apple Downloads site. Make sure you have an\r\nInternet connection and have installed the latest version of iTunes\r\nfrom www.apple.com/itunes/\r\n\r\niTunes and Software Update on the device will automatically check\r\nApple's update server on its weekly schedule. When an update is\r\ndetected, it is downloaded and the option to be installed is\r\npresented to the user when the iOS device is docked. We recommend\r\napplying the update immediately if possible. Selecting Don't Install\r\nwill present the option the next time you connect your iOS device.\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes or the device checks for updates. You may manually\r\nobtain the update via the Check for Updates button within iTunes, or\r\nthe Software Update on your device.\r\n\r\nTo check that the iPhone, iPod touch, or iPad has been updated:\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. The version after applying this update\r\nwill be "7.0".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJSOe4/AAoJEPefwLHPlZEwToUP/jUGETRBdUjwN/gMmQAtl6zN\r\n0VUMbnsNH51Lhsr15p9EHYJUL97pajT0N1gdd8Q2l+2NHkQzQLJziXgsO6VFOX7e\r\nGoLNvlbyfoE0Ac9dSm9w7yi2lVf8bjGZKmEH0DAXzZD5s0ThiqPZCjTo8rCODMH2\r\nTyQgkYtcXtrAHYaFe0dceWe3Q0ORu24cuFg0xeqX+7QvzK9mSeJWiN8OtimMzDni\r\n5Dvgn7emHiuI6f3huQ25bEXK4gjN+CGwXg2RhQ7fwm9IeBdLnH1qKrFrrMHIhbrK\r\nibvud5jLS0ltUH+XnfBkoCkBntOO11vYllti8oIGCgaa5NkVkEOKbHy9uh6riGHT\r\nKXYU/LfM8tt8Ax6iknn4mYC2QYbv7OIyzSfu/scWbeawsJb4OMx71oJrROTArgQG\r\nQthFQvFk7NSe5kQlNz+xQHI5LP/ZSHTKdwT69zPIzjWQBOdcZ+4GQvmMsbKIeZeY\r\nI2oIull2C7XYav8B0o+l4WlyEewNCOHQ8znapZnjCRKT/FF/ueG/WO0J4SEWUbQz\r\nKf24sZtFtm51QekPS3vc1XHacqJLELD8ugtgYC3hh9vUqkLV3UxpLKvI8uoOPUDt\r\nSCV3qSpaxgBQtJWUZPq0MWVTDJKzX4MEB8e1p4jZAggEzfx9AdT0s7XyGm9H/UsR\r\nGowSVGG+cJtvrngVhy3E\r\n=dNVy\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2013-10-01T00:00:00", "published": "2013-10-01T00:00:00", "id": "SECURITYVULNS:DOC:29840", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29840", "title": "APPLE-SA-2013-09-18-2 iOS 7", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:52", "bulletinFamily": "software", "description": "Multiple vulnerabilities in different system components.", "modified": "2013-12-09T00:00:00", "published": "2013-12-09T00:00:00", "id": "SECURITYVULNS:VULN:13297", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13297", "title": "Apple iPhone / iPad multiple securit vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2020-01-01T00:03:59", "bulletinFamily": "scanner", "description": "The version of Apple Safari installed on the remote Mac OS X 10.7 or\n10.8 host is earlier than 6.0.5. It is, therefore, potentially\naffected by several issues :\n\n - Multiple memory corruption vulnerabilities exist in\n WebKit that could lead to unexpected program termination\n or arbitrary code execution. (CVE-2013-0879 /\n CVE-2013-0991 / CVE-2013-0992 / CVE-2013-0993 /\n CVE-2013-0994 / CVE-2013-0995 / CVE-2013-0996 /\n CVE-2013-0997 / CVE-2013-0998 / CVE-2013-0999 /\n CVE-2013-1000 / CVE-2013-1001 / CVE-2013-1002 /\n CVE-2013-1003 / CVE-2013-1004 / CVE-2013-1005 /\n CVE-2013-1006 / CVE-2013-1007 / CVE-2013-1008 /\n CVE-2013-1009 / CVE-2013-1010 / CVE-2013-1011 /\n CVE-2013-1023)\n\n - A cross-site scripting issue exists in WebKit", "modified": "2020-01-02T00:00:00", "id": "MACOSX_SAFARI6_0_5.NASL", "href": "https://www.tenable.com/plugins/nessus/66810", "published": "2013-06-05T00:00:00", "title": "Mac OS X : Apple Safari < 6.0.5 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66810);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2013-0879\",\n \"CVE-2013-0926\",\n \"CVE-2013-0991\",\n \"CVE-2013-0992\",\n \"CVE-2013-0993\",\n \"CVE-2013-0994\",\n \"CVE-2013-0995\",\n \"CVE-2013-0996\",\n \"CVE-2013-0997\",\n \"CVE-2013-0998\",\n \"CVE-2013-0999\",\n \"CVE-2013-1000\",\n \"CVE-2013-1001\",\n \"CVE-2013-1002\",\n \"CVE-2013-1003\",\n \"CVE-2013-1004\",\n \"CVE-2013-1005\",\n \"CVE-2013-1006\",\n \"CVE-2013-1007\",\n \"CVE-2013-1008\",\n \"CVE-2013-1009\",\n \"CVE-2013-1010\",\n \"CVE-2013-1011\",\n \"CVE-2013-1012\",\n \"CVE-2013-1013\",\n \"CVE-2013-1023\"\n );\n script_bugtraq_id(\n 58731,\n 59326,\n 59944,\n 59953,\n 59954,\n 59955,\n 59956,\n 59957,\n 59958,\n 59959,\n 59960,\n 59963,\n 59964,\n 59965,\n 59967,\n 59970,\n 59971,\n 59972,\n 59973,\n 59974,\n 59976,\n 59977,\n 60361,\n 60362,\n 60363,\n 60364\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2013-06-04-2\");\n\n script_name(english:\"Mac OS X : Apple Safari < 6.0.5 Multiple Vulnerabilities\");\n script_summary(english:\"Check the Safari SourceVersion\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by several\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote Mac OS X 10.7 or\n10.8 host is earlier than 6.0.5. It is, therefore, potentially\naffected by several issues :\n\n - Multiple memory corruption vulnerabilities exist in\n WebKit that could lead to unexpected program termination\n or arbitrary code execution. (CVE-2013-0879 /\n CVE-2013-0991 / CVE-2013-0992 / CVE-2013-0993 /\n CVE-2013-0994 / CVE-2013-0995 / CVE-2013-0996 /\n CVE-2013-0997 / CVE-2013-0998 / CVE-2013-0999 /\n CVE-2013-1000 / CVE-2013-1001 / CVE-2013-1002 /\n CVE-2013-1003 / CVE-2013-1004 / CVE-2013-1005 /\n CVE-2013-1006 / CVE-2013-1007 / CVE-2013-1008 /\n CVE-2013-1009 / CVE-2013-1010 / CVE-2013-1011 /\n CVE-2013-1023)\n\n - A cross-site scripting issue exists in WebKit's handling\n of iframes. (CVE-2013-1012)\n\n - A cross-site scripting issue exists in WebKit's handling\n of copied and pasted data in HTML documents.\n (CVE-2013-0926)\n\n - In rewriting URLs to prevent cross-site scripting\n attacks, XSS Auditor could be abused, leading to\n malicious alteration of the behavior of a form\n submission. (CVE-2013-1013)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-107/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-108/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-109/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5785\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/526807/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari 6.0.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-1010\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.[78]([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.7 / 10.8\");\n\nget_kb_item_or_exit(\"MacOSX/Safari/Installed\");\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nfixed_version = \"6.0.5\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n set_kb_item(name:\"www/0/XSS\", value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version, path);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T00:00:11", "bulletinFamily": "scanner", "description": "The version of Apple iTunes on the remote host is prior to version\n11.0.3. It is, therefore, affected by multiple vulnerabilities :\n\n - An error exists related to certificate validation. A\n man-in-the-middle attacker can exploit this to spoof\n HTTPS servers, which allows the disclosure of sensitive\n information or the application to trust data from\n untrusted sources. Note that this issue affects the\n application regardless of the operating system.\n (CVE-2013-1014)\n\n - The version of WebKit included in iTunes contains\n several errors that can lead to memory corruption and\n arbitrary code execution. The vendor states that one\n possible vector is a man-in-the-middle attack while the\n application browses the ", "modified": "2020-01-02T00:00:00", "id": "ITUNES_11_0_3_BANNER.NASL", "href": "https://www.tenable.com/plugins/nessus/66499", "published": "2013-05-17T00:00:00", "title": "Apple iTunes < 11.0.3 Multiple Vulnerabilities (uncredentialed check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66499);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2012-2824\",\n \"CVE-2012-2857\",\n \"CVE-2012-3748\",\n \"CVE-2012-5112\",\n \"CVE-2013-0879\",\n \"CVE-2013-0912\",\n \"CVE-2013-0948\",\n \"CVE-2013-0949\",\n \"CVE-2013-0950\",\n \"CVE-2013-0951\",\n \"CVE-2013-0952\",\n \"CVE-2013-0953\",\n \"CVE-2013-0954\",\n \"CVE-2013-0955\",\n \"CVE-2013-0956\",\n \"CVE-2013-0958\",\n \"CVE-2013-0959\",\n \"CVE-2013-0960\",\n \"CVE-2013-0961\",\n \"CVE-2013-0991\",\n \"CVE-2013-0992\",\n \"CVE-2013-0993\",\n \"CVE-2013-0994\",\n \"CVE-2013-0995\",\n \"CVE-2013-0996\",\n \"CVE-2013-0997\",\n \"CVE-2013-0998\",\n \"CVE-2013-0999\",\n \"CVE-2013-1000\",\n \"CVE-2013-1001\",\n \"CVE-2013-1002\",\n \"CVE-2013-1003\",\n \"CVE-2013-1004\",\n \"CVE-2013-1005\",\n \"CVE-2013-1006\",\n \"CVE-2013-1007\",\n \"CVE-2013-1008\",\n \"CVE-2013-1010\",\n \"CVE-2013-1011\",\n \"CVE-2013-1014\"\n );\n script_bugtraq_id(\n 54203,\n 54749,\n 55867,\n 56362,\n 57576,\n 57580,\n 57581,\n 57582,\n 57584,\n 57585,\n 57586,\n 57587,\n 57588,\n 57589,\n 57590,\n 58388,\n 58495,\n 58496,\n 59941,\n 59944,\n 59953,\n 59954,\n 59955,\n 59956,\n 59957,\n 59958,\n 59959,\n 59960,\n 59963,\n 59964,\n 59965,\n 59967,\n 59970,\n 59971,\n 59972,\n 59973,\n 59974,\n 59976,\n 59977\n );\n script_xref(name:\"EDB-ID\", value:\"28081\");\n\n script_name(english:\"Apple iTunes < 11.0.3 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a multimedia application that has multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes on the remote host is prior to version\n11.0.3. It is, therefore, affected by multiple vulnerabilities :\n\n - An error exists related to certificate validation. A\n man-in-the-middle attacker can exploit this to spoof\n HTTPS servers, which allows the disclosure of sensitive\n information or the application to trust data from\n untrusted sources. Note that this issue affects the\n application regardless of the operating system.\n (CVE-2013-1014)\n\n - The version of WebKit included in iTunes contains\n several errors that can lead to memory corruption and\n arbitrary code execution. The vendor states that one\n possible vector is a man-in-the-middle attack while the\n application browses the 'iTunes Store'. Please note that\n these vulnerabilities only affect the application when\n it is running on a Windows host.\n (CVE-2012-2824, CVE-2012-2857, CVE-2012-3748,\n CVE-2012-5112, CVE-2013-0879, CVE-2013-0912,\n CVE-2013-0948, CVE-2013-0949, CVE-2013-0950,\n CVE-2013-0951, CVE-2013-0952, CVE-2013-0953,\n CVE-2013-0954, CVE-2013-0955, CVE-2013-0956,\n CVE-2013-0958, CVE-2013-0959, CVE-2013-0960,\n CVE-2013-0961, CVE-2013-0991, CVE-2013-0992,\n CVE-2013-0993, CVE-2013-0994, CVE-2013-0995,\n CVE-2013-0996, CVE-2013-0997, CVE-2013-0998,\n CVE-2013-0999, CVE-2013-1000, CVE-2013-1001,\n CVE-2013-1002, CVE-2013-1003, CVE-2013-1004,\n CVE-2013-1005, CVE-2013-1006, CVE-2013-1007,\n CVE-2013-1008, CVE-2013-1010, CVE-2013-1011)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-107/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-108/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-109/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5766\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2013/May/msg00000.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/526623/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes 11.0.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5112\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type == 'AppleTV') audit(AUDIT_LISTEN_NOT_VULN, \"iTunes on AppleTV\", port, version);\n\nfixed_version = \"11.0.3\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T00:00:10", "bulletinFamily": "scanner", "description": "The version of Apple iTunes installed on the remote Windows host is\nolder than 11.0.3. It therefore is potentially affected by several\nissues :\n\n - An error exists related to certificate validation\n that could allow disclosure of sensitive information\n and could allow the application to trust data from\n untrusted sources. (CVE-2013-1014)\n\n - The included version of WebKit contains several errors\n that could lead to memory corruption and possibly\n arbitrary code execution. The vendor notes one possible\n attack vector is a man-in-the-middle attack while the\n application browses the ", "modified": "2020-01-02T00:00:00", "id": "ITUNES_11_0_3.NASL", "href": "https://www.tenable.com/plugins/nessus/66498", "published": "2013-05-17T00:00:00", "title": "Apple iTunes < 11.0.3 Multiple Vulnerabilities (credentialed check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66498);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2012-2824\",\n \"CVE-2012-2857\",\n \"CVE-2012-3748\",\n \"CVE-2012-5112\",\n \"CVE-2013-0879\",\n \"CVE-2013-0912\",\n \"CVE-2013-0948\",\n \"CVE-2013-0949\",\n \"CVE-2013-0950\",\n \"CVE-2013-0951\",\n \"CVE-2013-0952\",\n \"CVE-2013-0953\",\n \"CVE-2013-0954\",\n \"CVE-2013-0955\",\n \"CVE-2013-0956\",\n \"CVE-2013-0958\",\n \"CVE-2013-0959\",\n \"CVE-2013-0960\",\n \"CVE-2013-0961\",\n \"CVE-2013-0991\",\n \"CVE-2013-0992\",\n \"CVE-2013-0993\",\n \"CVE-2013-0994\",\n \"CVE-2013-0995\",\n \"CVE-2013-0996\",\n \"CVE-2013-0997\",\n \"CVE-2013-0998\",\n \"CVE-2013-0999\",\n \"CVE-2013-1000\",\n \"CVE-2013-1001\",\n \"CVE-2013-1002\",\n \"CVE-2013-1003\",\n \"CVE-2013-1004\",\n \"CVE-2013-1005\",\n \"CVE-2013-1006\",\n \"CVE-2013-1007\",\n \"CVE-2013-1008\",\n \"CVE-2013-1010\",\n \"CVE-2013-1011\",\n \"CVE-2013-1014\"\n );\n script_bugtraq_id(\n 54203,\n 54749,\n 55867,\n 56362,\n 57576,\n 57580,\n 57581,\n 57582,\n 57584,\n 57585,\n 57586,\n 57587,\n 57588,\n 57589,\n 57590,\n 58388,\n 58495,\n 58496,\n 59941,\n 59944,\n 59953,\n 59954,\n 59955,\n 59956,\n 59957,\n 59958,\n 59959,\n 59960,\n 59963,\n 59964,\n 59965,\n 59967,\n 59970,\n 59971,\n 59972,\n 59973,\n 59974,\n 59976,\n 59977\n );\n script_xref(name:\"EDB-ID\", value:\"28081\");\n\n script_name(english:\"Apple iTunes < 11.0.3 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks version of iTunes on Windows\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application that has multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nolder than 11.0.3. It therefore is potentially affected by several\nissues :\n\n - An error exists related to certificate validation\n that could allow disclosure of sensitive information\n and could allow the application to trust data from\n untrusted sources. (CVE-2013-1014)\n\n - The included version of WebKit contains several errors\n that could lead to memory corruption and possibly\n arbitrary code execution. The vendor notes one possible\n attack vector is a man-in-the-middle attack while the\n application browses the 'iTunes Store'.\n (CVE-2012-2824, CVE-2012-2857, CVE-2012-3748,\n CVE-2012-5112, CVE-2013-0879, CVE-2013-0912,\n CVE-2013-0948, CVE-2013-0949, CVE-2013-0950,\n CVE-2013-0951, CVE-2013-0952, CVE-2013-0953,\n CVE-2013-0954, CVE-2013-0955, CVE-2013-0956,\n CVE-2013-0958, CVE-2013-0959, CVE-2013-0960,\n CVE-2013-0961, CVE-2013-0991, CVE-2013-0992,\n CVE-2013-0993, CVE-2013-0994, CVE-2013-0995,\n CVE-2013-0996, CVE-2013-0997, CVE-2013-0998,\n CVE-2013-0999, CVE-2013-1000, CVE-2013-1001,\n CVE-2013-1002, CVE-2013-1003, CVE-2013-1004,\n CVE-2013-1005, CVE-2013-1006, CVE-2013-1007,\n CVE-2013-1008, CVE-2013-1010, CVE-2013-1011)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-107/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-108/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.zerodayinitiative.com/advisories/ZDI-13-109/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5766\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2013/May/msg00000.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/526623/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple iTunes 11.0.3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-5112\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/05/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"SMB/iTunes/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nversion = get_kb_item_or_exit(\"SMB/iTunes/Version\");\nfixed_version = \"11.0.3.42\";\npath = get_kb_item_or_exit(\"SMB/iTunes/Path\");\n\nif (ver_compare(ver:version, fix:fixed_version) == -1)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : '+path+\n '\\n Installed version : '+version+\n '\\n Fixed version : '+fixed_version+'\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"iTunes\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-01T06:41:29", "bulletinFamily": "scanner", "description": "According to its banner, the remote Apple TV 2nd generation or later\ndevice is prior to 6.0. It is, therefore, reportedly affected by\nmultiple vulnerabilities, the most serious issues of which could\nresult in arbitrary code execution.", "modified": "2020-01-02T00:00:00", "id": "APPLETV_6_0.NASL", "href": "https://www.tenable.com/plugins/nessus/70257", "published": "2013-10-01T00:00:00", "title": "Apple TV < 6.0 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70257);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\n \"CVE-2011-2391\",\n \"CVE-2011-3102\",\n \"CVE-2012-0841\",\n \"CVE-2012-2807\",\n \"CVE-2012-2825\",\n \"CVE-2012-2870\",\n \"CVE-2012-2871\",\n \"CVE-2012-5134\",\n \"CVE-2013-0879\",\n \"CVE-2013-0991\",\n \"CVE-2013-0992\",\n \"CVE-2013-0993\",\n \"CVE-2013-0994\",\n \"CVE-2013-0995\",\n \"CVE-2013-0996\",\n \"CVE-2013-0997\",\n \"CVE-2013-0998\",\n \"CVE-2013-0999\",\n \"CVE-2013-1000\",\n \"CVE-2013-1001\",\n \"CVE-2013-1002\",\n \"CVE-2013-1003\",\n \"CVE-2013-1004\",\n \"CVE-2013-1005\",\n \"CVE-2013-1006\",\n \"CVE-2013-1007\",\n \"CVE-2013-1008\",\n \"CVE-2013-1010\",\n \"CVE-2013-1011\",\n \"CVE-2013-1019\",\n \"CVE-2013-1025\",\n \"CVE-2013-1026\",\n \"CVE-2013-1037\",\n \"CVE-2013-1038\",\n \"CVE-2013-1039\",\n \"CVE-2013-1040\",\n \"CVE-2013-1041\",\n \"CVE-2013-1042\",\n \"CVE-2013-1043\",\n \"CVE-2013-1044\",\n \"CVE-2013-1045\",\n \"CVE-2013-1046\",\n \"CVE-2013-1047\",\n \"CVE-2013-2842\",\n \"CVE-2013-3950\",\n \"CVE-2013-3953\",\n \"CVE-2013-3954\",\n \"CVE-2013-5125\",\n \"CVE-2013-5126\",\n \"CVE-2013-5127\",\n \"CVE-2013-5128\",\n \"CVE-2013-5138\",\n \"CVE-2013-5139\",\n \"CVE-2013-5140\",\n \"CVE-2013-5142\",\n \"CVE-2013-5145\"\n );\n script_bugtraq_id(\n 52107,\n 53540,\n 54203,\n 54718,\n 55331,\n 56684,\n 59326,\n 59944,\n 59953,\n 59954,\n 59955,\n 59956,\n 59957,\n 59958,\n 59959,\n 59960,\n 59963,\n 59964,\n 59965,\n 59967,\n 59970,\n 59971,\n 59972,\n 59973,\n 59974,\n 59976,\n 59977,\n 60067,\n 60102,\n 60437,\n 60441,\n 60444,\n 62368,\n 62369,\n 62520,\n 62522,\n 62524,\n 62529,\n 62531,\n 62536,\n 62551,\n 62553,\n 62554,\n 62556,\n 62557,\n 62558,\n 62559,\n 62560,\n 62563,\n 62565,\n 62567,\n 62568,\n 62569,\n 62570,\n 62571\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2013-09-20-1\");\n\n script_name(english:\"Apple TV < 6.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in banner\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote Apple TV 2nd generation or later\ndevice is prior to 6.0. It is, therefore, reportedly affected by\nmultiple vulnerabilities, the most serious issues of which could\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT202815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.apple.com/archives/security-announce/2013/Sep/msg00008.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/528762/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV 6.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-5139\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"appletv_detect.nasl\");\n script_require_keys(\"www/appletv\");\n script_require_ports(3689);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = 3689;\nbanner = get_http_banner(port:port, broken:TRUE, exit_on_fail:TRUE);\nif (\n \"DAAP-Server: iTunes/\" >!< banner &&\n \"RIPT-Server: iTunesLib/\" >!< banner\n) audit(AUDIT_WRONG_WEB_SERVER, port, 'iTunes');\n\npat = \"^DAAP-Server: iTunes/([0-9][0-9.]+)([a-z])([0-9]+) \\((Mac )?OS X\\)\";\nmatches = egrep(pattern:pat, string:banner);\n\nif (\n \"DAAP-Server: iTunes/\" >< banner &&\n isnull(matches)\n) exit(0, \"The web server listening on port \"+port+\" does not appear to be from iTunes on an Apple TV.\");\n\n\nfixed_major = \"11.1\";\nfixed_char = \"b\";\nfixed_minor = \"37\";\n\nreport = \"\";\n\n# Check first for 3rd gen and recent 2nd gen models.\nif (matches)\n{\n foreach line (split(matches, keep:FALSE))\n {\n match = eregmatch(pattern:pat, string:line);\n if (!isnull(match))\n {\n major = match[1];\n char = match[2];\n minor = int(match[3]);\n\n if (\n ver_compare(ver:major, fix:fixed_major, strict:FALSE) < 0 ||\n (\n ver_compare(ver:major, fix:fixed_major, strict:FALSE) == 0 &&\n (\n ord(char) < ord(fixed_char) ||\n (\n ord(char) == ord(fixed_char) &&\n minor < fixed_minor\n )\n )\n )\n )\n {\n report = '\\n Source : ' + line +\n '\\n Installed iTunes version : ' + major + char + minor +\n '\\n Fixed iTunes version : ' + fixed_major + fixed_char + fixed_minor +\n '\\n';\n }\n break;\n }\n }\n}\nelse\n{\n pat2 = \"^RIPT-Server: iTunesLib/([0-9]+)\\.\";\n matches = egrep(pattern:pat2, string:banner);\n if (matches)\n {\n foreach line (split(matches, keep:FALSE))\n {\n match = eregmatch(pattern:pat2, string:line);\n if (!isnull(match))\n {\n major = int(match[1]);\n if (major < 4) exit(0, \"The web server listening on port \"+port+\" is from iTunes on a 1st generation Apple TV, which is no longer supported.\");\n else if (major >= 4 && major <= 9)\n {\n report = '\\n Source : ' + line +\n '\\n';\n }\n break;\n }\n }\n }\n}\n\n\nif (report)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:report);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
