Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.ITUNES_12_5_2_BANNER.NASL
HistoryNov 17, 2016 - 12:00 a.m.

Apple iTunes < 12.5.2 Multiple Vulnerabilities (Uncredentialed Check)

2016-11-1700:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
52
JSON

The version of Apple iTunes running on the remote Windows host is prior to 12.5.2 It is, therefore, affected by multiple vulnerabilities :

  • An information disclosure vulnerability exists in WebKit when handling the location attribute due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via specially crafted web content, to disclose sensitive information on the user’s system. (CVE-2016-4613)

  • Multiple memory corruption issues exist in WebKit due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, via specially crafted web content, to execute arbitrary code. (CVE-2016-7578)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(94934);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/14");

  script_cve_id("CVE-2016-4613", "CVE-2016-7578");
  script_bugtraq_id(93949);
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2016-10-27-3");

  script_name(english:"Apple iTunes < 12.5.2 Multiple Vulnerabilities (Uncredentialed Check)");
  script_summary(english:"Checks the version of iTunes.");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote host is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Apple iTunes running on the remote Windows host is
prior to 12.5.2 It is, therefore, affected by multiple
vulnerabilities :

  - An information disclosure vulnerability exists in WebKit
    when handling the location attribute due to improper
    validation of user-supplied input. An unauthenticated,
    remote attacker can exploit this, via specially crafted
    web content, to disclose sensitive information on the
    user's system. (CVE-2016-4613)

  - Multiple memory corruption issues exist in WebKit due to
    improper validation of user-supplied input. An
    unauthenticated, remote attacker can exploit these, via
    specially crafted web content, to execute arbitrary
    code. (CVE-2016-7578)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT207274");
  # https://lists.apple.com/archives/security-announce/2016/Oct/msg00007.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?de74ff03");
  script_set_attribute(attribute:"see_also", value:"https://securitytracker.com/id/1037139");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apple iTunes version 12.5.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-7578");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/10/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/17");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Peer-To-Peer File Sharing");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("itunes_sharing.nasl");
  script_require_keys("iTunes/sharing");
  script_require_ports("Services/www", 3689);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);

get_kb_item_or_exit("iTunes/" + port + "/enabled");

type = get_kb_item_or_exit("iTunes/" + port + "/type");
source = get_kb_item_or_exit("iTunes/" + port + "/source");
version = get_kb_item_or_exit("iTunes/" + port + "/version");

if (type != 'Windows') audit(AUDIT_OS_NOT, "Windows");

fixed_version = "12.5.2";

if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) < 0)
{
  report = '\n  Version source    : ' + source +
           '\n  Installed version : ' + version +
           '\n  Fixed version     : ' + fixed_version + 
           '\n';
  security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);
}
else audit(AUDIT_LISTEN_NOT_VULN, "iTunes", port, version);
VendorProductVersionCPE
appleitunescpe:/a:apple:itunes

Related

apple 10
nessus 6
threatpost 2
openvas 5
cve 2
ubuntucve 2
prion 2
ubuntu 1
mageia 1
apple
apple
About the security content of iTunes 12.5.2 for Windows
2016-10-27 00:00:00
About the security content of iTunes 12.5.2 for Windows - Apple Support
2016-10-27 09:21:33
About the security content of iCloud for Windows 6.0.1
2016-10-27 00:00:00
nessus
nessus
Apple iTunes < 12.5.2 Multiple Vulnerabilities (credentialed check)
2016-11-16 00:00:00
macOS : Apple Safari < 10.0.1 Multiple Vulnerabilities
2016-11-30 00:00:00
Apple TV < 10.0.1 Multiple Vulnerabilities
2016-10-27 00:00:00
threatpost
threatpost
Apple Patches iTunes, iCloud for Windows, Xcode Server
2016-10-28 11:52:43
Apple Patches iOS Flaw Exploitable by Malicious JPEG
2016-10-25 12:47:34
openvas
openvas
Apple iTunes Code Execution And Information Disclosure Vulnerabilities - Windows
2016-11-17 00:00:00
Apple iCloud Code Execution And Information Disclosure Vulnerabilities - Windows
2017-02-28 00:00:00
Apple Safari Code Execution And Information Disclosure Vulnerabilities (Feb 2017)
2017-02-22 00:00:00
cve
cve
CVE-2016-4613
2017-02-20 08:59:00
CVE-2016-7578
2017-02-20 08:59:00
ubuntucve
ubuntucve
CVE-2016-4613
2016-12-01 00:00:00
CVE-2016-7578
2016-12-01 00:00:00
prion
prion
Code injection
2017-02-20 08:59:00
Memory corruption
2017-02-20 08:59:00
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2017-01-10 00:00:00
mageia
mageia
Updated webkit2 packages fix security vulnerabilities
2017-03-02 18:11:17
JSON
Related for ITUNES_12_5_2_BANNER.NASL
apple10nessus6threatpost2openvas5cve2ubuntucve2prion2ubuntu1mageia1