Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ITUNES_12_10_4.NASLHistoryMar 05, 2020 - 12:00 a.m.
Apple iTunes < 12.10.4 Multiple Vulnerabilities (credentialed check)
2020-03-0500:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
8 High
AI Score
Confidence
Low
The version of Apple iTunes installed on the remote Windows host is prior to 12.10.4. It is, therefore, affected by multiple vulnerabilities as referenced in the HT210923 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(134222);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/25");
script_cve_id(
"CVE-2020-3825",
"CVE-2020-3826",
"CVE-2020-3846",
"CVE-2020-3861",
"CVE-2020-3862",
"CVE-2020-3864",
"CVE-2020-3865",
"CVE-2020-3867",
"CVE-2020-3868"
);
script_xref(name:"APPLE-SA", value:"HT210923");
script_xref(name:"APPLE-SA", value:"APPLE-SA-2020-1-28-6");
script_name(english:"Apple iTunes < 12.10.4 Multiple Vulnerabilities (credentialed check)");
script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote host is affected by multiple vulnerabilities");
script_set_attribute(attribute:"description", value:
"The version of Apple iTunes installed on the remote Windows host is prior to 12.10.4. It is, therefore, affected by
multiple vulnerabilities as referenced in the HT210923 advisory. Note that Nessus has not tested for this issue but has
instead relied only on the application's self-reported version number.");
script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT210923");
script_set_attribute(attribute:"solution", value:
"Upgrade to Apple iTunes version 12.10.4 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-3868");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/28");
script_set_attribute(attribute:"patch_publication_date", value:"2020/01/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/05");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("itunes_detect.nasl");
script_require_keys("installed_sw/iTunes Version", "SMB/Registry/Enumerated");
exit(0);
}
include('vcf.inc');
get_kb_item_or_exit('SMB/Registry/Enumerated');
app_info = vcf::get_app_info(app:'iTunes Version', win_local:TRUE);
constraints = [{'fixed_version':'12.10.4'}];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3825
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3826
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3846
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3861
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3862
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3864
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3865
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3867
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3868
support.apple.com/en-us/HT210923
Related
apple
apple
About the security content of iTunes 12.10.4 for Windows - Apple Support
2020-02-12 06:49:20
About the security content of iTunes 12.10.4 for Windows
2020-01-28 00:00:00
About the security content of iCloud for Windows 7.17
2020-01-28 00:00:00
nessus
nessus
Apple iTunes < 12.10.4 Multiple Vulnerabilities (uncredentialed check)
2020-03-05 00:00:00
Apple iCloud 7.x < 7.17 Multiple Vulnerabilities
2020-07-02 00:00:00
Apple iCloud 10.x < 10.9.2 Multiple Vulnerabilities
2020-07-02 00:00:00
kaspersky
kaspersky
KLA11651 Multiple vulnerabilities in Apple iTunes
2020-01-28 00:00:00
KLA11650 Multiple vulnerabilities in Apple iCloud
2020-01-28 00:00:00
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2020-02-18 00:00:00
osv
osv
webkit2gtk - security update
2020-02-17 00:00:00
Moderate: GNOME security, bug fix, and enhancement update
2020-11-03 12:05:56
Moderate: GNOME security, bug fix, and enhancement update
2020-11-03 12:05:56
fedora
fedora
[SECURITY] Fedora 31 Update: webkit2gtk3-2.26.4-1.fc31
2020-02-20 05:05:30
[SECURITY] Fedora 30 Update: webkit2gtk3-2.26.4-1.fc30
2020-02-23 01:09:49
openvas
openvas
Fedora: Security Advisory for webkit2gtk3 (FEDORA-2020-4d11d35a1f)
2020-02-23 00:00:00
Fedora: Security Advisory for webkit2gtk3 (FEDORA-2020-3269917c2f)
2020-02-21 00:00:00
Ubuntu: Security Advisory (USN-4281-1)
2020-02-19 00:00:00
archlinux
archlinux
[ASA-202002-10] webkit2gtk: multiple issues
2020-02-17 00:00:00
debian
debian
[SECURITY] [DSA 4627-1] webkit2gtk security update
2020-02-17 20:39:59
mageia
mageia
Updated webkit2 packages fix security vulnerability
2020-02-18 17:05:53
freebsd
freebsd
webkit-gtk3 -- Multiple vulnerabilities
2020-02-14 00:00:00
suse
suse
Security update for webkit2gtk3 (important)
2020-03-02 00:00:00
cve
cve
prion
prion
Memory corruption
2020-02-27 21:15:00
Input validation
2020-02-27 21:15:00
Memory corruption
2020-02-27 21:15:00
debiancve
debiancve
talosblog
talosblog
Vulnerability Spotlight: Remote code execution vulnerability in Apple Safari
2020-02-12 05:44:00
talos
talos
Apple Safari FontFaceSet Remote Code Execution Vulnerability
2020-02-12 00:00:00
redhatcve
redhatcve
veracode
veracode
Denial Of Service (DoS)
2020-10-01 03:53:02
Arbitrary Code Execution
2020-10-01 03:53:04
Cross-site Scripting (XSS)
2020-10-01 03:53:04
ubuntucve
ubuntucve
thn
thn
How Just Visiting A Site Could Have Hacked Your iPhone or MacBook Camera
2020-04-03 05:00:00
threatpost
threatpost
Apple Safari Flaws Enable One-Click Webcam Access
2020-04-06 18:43:56
Apple Security Updates Tackle iOS Device Tracking, RCE Flaws
2020-01-29 22:09:30
gentoo
gentoo
WebkitGTK+: Multiple vulnerabilities
2020-03-15 00:00:00
oraclelinux
oraclelinux
GNOME security, bug fix, and enhancement update
2020-11-10 00:00:00
webkitgtk4 security, bug fix, and enhancement update
2020-10-06 00:00:00
almalinux
almalinux
Moderate: GNOME security, bug fix, and enhancement update
2020-11-03 12:05:56
redhat
redhat
(RHSA-2020:4451) Moderate: GNOME security, bug fix, and enhancement update
2020-11-03 12:05:56
(RHSA-2021:0190) Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update
2021-01-19 13:29:21
(RHSA-2021:0050) Moderate: Red Hat Quay v3.3.3 bug fix and security update
2021-01-11 07:29:40
rocky
rocky
GNOME security, bug fix, and enhancement update
2020-11-03 12:05:56
googleprojectzero
googleprojectzero
Fuzzing ImageIO
2020-04-28 00:00:00
amazon
amazon
Medium: webkitgtk4
2020-11-09 21:05:00
centos
centos
webkitgtk4 security update
2020-10-20 19:07:36