Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.ITUNES_12_5_2.NASL
HistoryNov 16, 2016 - 12:00 a.m.

Apple iTunes < 12.5.2 Multiple Vulnerabilities (credentialed check)

2016-11-1600:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
32
JSON

The version of Apple iTunes installed on the remote Windows host is prior to 12.5.2. It is, therefore, affected by multiple vulnerabilities :

  • A cross-origin bypass vulnerability exists in WebKit due to improper handling of the location attribute. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a maliciously crafted website, to bypass cross-origin policies and disclose sensitive user data. (CVE-2016-4613)

  • Multiple memory corruption errors exist in WebKit due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these issues, by convincing a user to visit a maliciously crafted website, to execute arbitrary code.
    (CVE-2016-7578)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(94915);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/14");

  script_cve_id("CVE-2016-4613", "CVE-2016-7578");
  script_bugtraq_id(93949);
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2016-10-27-3");

  script_name(english:"Apple iTunes < 12.5.2 Multiple Vulnerabilities (credentialed check)");
  script_summary(english:"Checks the version of iTunes on Windows.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains an application that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Apple iTunes installed on the remote Windows host is
prior to 12.5.2. It is, therefore, affected by multiple
vulnerabilities :

  - A cross-origin bypass vulnerability exists in WebKit due
    to improper handling of the location attribute. An
    unauthenticated, remote attacker can exploit this, by
    convincing a user to visit a maliciously crafted
    website, to bypass cross-origin policies and disclose
    sensitive user data. (CVE-2016-4613)

  - Multiple memory corruption errors exist in WebKit due to
    improper validation of user-supplied input. An
    unauthenticated, remote attacker can exploit these
    issues, by convincing a user to visit a maliciously
    crafted website, to execute arbitrary code.
    (CVE-2016-7578)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT207274");
  # https://lists.apple.com/archives/security-announce/2016/Oct/msg00007.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?de74ff03");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apple iTunes version 12.5.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-7578");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/10/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("itunes_detect.nasl");
  script_require_keys("installed_sw/iTunes Version", "SMB/Registry/Enumerated");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

# Ensure this is Windows
get_kb_item_or_exit("SMB/Registry/Enumerated");

app_id = 'iTunes Version';
install = get_single_install(app_name:app_id, exit_if_unknown_ver:TRUE);

version = install["version"];
path = install["path"];

fixed_version = "12.5.2";

if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)
{
  port = get_kb_item("SMB/transport");
  if (isnull(port)) port = 445;

  order = make_list('Version source', 'Installed version', 'Fixed version');
  report = make_array(
    order[0], path,
    order[1], version,
    order[2], fixed_version
  );
  report = report_items_str(report_items:report, ordered_fields:order);

  security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "iTunes", version, path);
VendorProductVersionCPE
appleitunescpe:/a:apple:itunes

Related

nessus 6
apple 10
threatpost 2
openvas 5
cve 2
ubuntucve 2
prion 2
ubuntu 1
mageia 1
nessus
nessus
Apple iTunes < 12.5.2 Multiple Vulnerabilities (Uncredentialed Check)
2016-11-17 00:00:00
macOS : Apple Safari < 10.0.1 Multiple Vulnerabilities
2016-11-30 00:00:00
Apple TV < 10.0.1 Multiple Vulnerabilities
2016-10-27 00:00:00
apple
apple
About the security content of iTunes 12.5.2 for Windows
2016-10-27 00:00:00
About the security content of iTunes 12.5.2 for Windows - Apple Support
2016-10-27 09:21:33
About the security content of iCloud for Windows 6.0.1 - Apple Support
2017-01-23 05:36:03
threatpost
threatpost
Apple Patches iTunes, iCloud for Windows, Xcode Server
2016-10-28 11:52:43
Apple Patches iOS Flaw Exploitable by Malicious JPEG
2016-10-25 12:47:34
openvas
openvas
Apple iTunes Code Execution And Information Disclosure Vulnerabilities - Windows
2016-11-17 00:00:00
Apple iCloud Code Execution And Information Disclosure Vulnerabilities - Windows
2017-02-28 00:00:00
Apple Safari Code Execution And Information Disclosure Vulnerabilities (Feb 2017)
2017-02-22 00:00:00
cve
cve
CVE-2016-4613
2017-02-20 08:59:00
CVE-2016-7578
2017-02-20 08:59:00
ubuntucve
ubuntucve
CVE-2016-4613
2016-12-01 00:00:00
CVE-2016-7578
2016-12-01 00:00:00
prion
prion
Code injection
2017-02-20 08:59:00
Memory corruption
2017-02-20 08:59:00
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2017-01-10 00:00:00
mageia
mageia
Updated webkit2 packages fix security vulnerabilities
2017-03-02 18:11:17
JSON
Related for ITUNES_12_5_2.NASL
nessus6apple10threatpost2openvas5cve2ubuntucve2prion2ubuntu1mageia1