Lucene search
Copyright (C) 2019 Greenbone AGOPENVAS:1361412562310814822HistoryJan 25, 2019 - 12:00 a.m.
Apple iTunes Security Updates (HT209450)
2019-01-2500:00:00
Copyright (C) 2019 Greenbone AG
plugins.openvas.org
19
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.8 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.909 High
EPSS
Percentile
98.8%
Apple iTunes is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2019 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:apple:itunes";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.814822");
script_version("2023-07-14T16:09:27+0000");
script_cve_id("CVE-2018-20346", "CVE-2018-20505", "CVE-2019-6212", "CVE-2019-6215",
"CVE-2019-6216", "CVE-2019-6221", "CVE-2019-6227", "CVE-2019-6229",
"CVE-2019-6233", "CVE-2018-20506", "CVE-2019-6217", "CVE-2019-6234",
"CVE-2019-6235", "CVE-2019-6226");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"last_modification", value:"2023-07-14 16:09:27 +0000 (Fri, 14 Jul 2023)");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-08-24 17:37:00 +0000 (Mon, 24 Aug 2020)");
script_tag(name:"creation_date", value:"2019-01-25 14:09:57 +0530 (Fri, 25 Jan 2019)");
script_name("Apple iTunes Security Updates (HT209450)");
script_tag(name:"summary", value:"Apple iTunes is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is
present on the target host.");
script_tag(name:"insight", value:"Multiple flaws exist due to:
- Multiple memory corruption issues.
- An out-of-bounds read error.
- A type confusion issue.
- A logic issue.");
script_tag(name:"impact", value:"Successful exploitation allows attackers to elevate
privileges, conduct universal cross site scripting and execute arbitrary code.");
script_tag(name:"affected", value:"Apple iTunes versions before 12.9.3");
script_tag(name:"solution", value:"Upgrade to Apple iTunes 12.9.3 or later. Please see the references for more information.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"registry");
script_xref(name:"URL", value:"https://support.apple.com/en-us/HT209450");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2019 Greenbone AG");
script_family("General");
script_dependencies("secpod_apple_itunes_detection_win_900123.nasl");
script_mandatory_keys("iTunes/Win/Ver");
exit(0);
}
include("version_func.inc");
include("host_details.inc");
if(!infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE )) exit(0);
appVer = infos['version'];
appPath = infos['location'];
if(version_is_less(version:appVer, test_version:"12.9.3"))
{
report = report_fixed_ver(installed_version:appVer, fixed_version:"12.9.3", install_path: appPath);
security_message(data:report);
exit(0);
}
exit(99);
References
Related
nessus
nessus
Apple iTunes < 12.9.3 Multiple Vulnerabilities (credentialed check)
2019-01-30 00:00:00
SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2019:0511-1)
2019-03-01 00:00:00
kaspersky
kaspersky
KLA11408 Multiple vulnerabilities in Apple iTunes
2019-01-24 00:00:00
KLA11409 Multiple vulnerabilities in Apple iCloud
2019-02-11 00:00:00
apple
apple
About the security content of iTunes 12.9.3 for Windows
2019-01-24 00:00:00
About the security content of iTunes 12.9.3 for Windows - Apple Support
2019-09-11 09:24:48
About the security content of iCloud for Windows 7.10
2019-01-22 00:00:00
openvas
openvas
Apple iCloud Security Updates (HT209451) - Windows
2019-01-23 00:00:00
openSUSE: Security Advisory for webkit2gtk3 (openSUSE-SU-2019:0309-1)
2019-03-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:0511-1)
2021-04-19 00:00:00
suse
suse
Security update for webkit2gtk3 (important)
2019-03-08 00:00:00
Security update for webkit2gtk3 (moderate)
2019-03-08 00:00:00
Security update for sqlite3 (moderate)
2019-04-17 00:00:00
gentoo
gentoo
WebkitGTK+: Multiple vulnerabilities
2019-03-14 00:00:00
SQLite: Remote code execution
2019-04-22 00:00:00
freebsd
freebsd
webkit-gtk -- Multiple vulnerabilities
2019-02-08 00:00:00
redhatcve
redhatcve
threatpost
threatpost
DEF CON 2019: Researchers Demo Hacking Google Home for RCE
2019-08-09 15:47:32
Google Chrome Affected By Magellan 2.0 Flaws
2019-12-27 16:45:20
'Chaos' iPhone X Attack Alleges Remote Jailbreak
2019-01-23 16:23:22
debiancve
debiancve
cve
cve
ubuntucve
ubuntucve
fedora
fedora
[SECURITY] Fedora 28 Update: webkit2gtk3-2.22.6-1.fc28
2019-02-21 01:39:42
[SECURITY] Fedora 29 Update: webkit2gtk3-2.22.6-1.fc29
2019-02-14 01:59:01
[SECURITY] Fedora 29 Update: mingw-sqlite-3.26.0.0-1.fc29
2019-08-13 01:59:18
prion
prion
Integer overflow
2019-04-03 18:29:00
Code injection
2019-04-03 18:29:00
Memory corruption
2019-03-05 16:29:00
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2019-02-13 00:00:00
SQLite vulnerabilities
2019-06-19 00:00:00
SQLite vulnerabilities
2019-06-19 00:00:00
osv
osv
sqlite3 - security update
2018-12-22 00:00:00
CVE-2019-6234
2019-03-05 16:29:03
CVE-2018-20346
2018-12-21 21:29:00
archlinux
archlinux
[ASA-201902-17] webkit2gtk: arbitrary code execution
2019-02-15 00:00:00
zdi
zdi
checkpoint_advisories
checkpoint_advisories
Apple Safari Type Confusion (CVE-2019-6215)
2021-04-29 00:00:00
SQLite FTS Integer Overflow (CVE-2018-20346)
2019-01-15 00:00:00
zdt
zdt
WebKit JSC reifyStaticProperty Attribute Flag Issue Exploit
2019-02-21 00:00:00
cbl_mariner
cbl_mariner
CVE-2018-20505 affecting package ceph for versions less than 18.2.1-1
2024-04-17 22:02:46
CVE-2018-20506 affecting package ceph for versions less than 18.2.1-1
2024-04-17 22:02:46
CVE-2018-20346 affecting package ceph for versions less than 18.2.1-1
2024-04-17 22:02:46
packetstorm
packetstorm
WebKit JSC reifyStaticProperty Attribute Flag Issue
2019-02-21 00:00:00
alpinelinux
alpinelinux
veracode
veracode
Integer Overflow
2020-12-06 04:42:55
Arbitrary Code Execution
2020-12-06 04:38:06
cve0day
cve0day
Apple CVE-2019-6235 Memory Corruption
2019-03-05 14:00:42
ibm
ibm
debian
debian
[SECURITY] [DLA 1613-1] sqlite3 security update
2018-12-22 00:39:44
[SECURITY] [DLA 2340-1] sqlite3 security update
2020-08-22 22:34:58
mageia
mageia
Updated sqlite3 packages fix security vulnerability
2018-12-27 02:08:41
cloudfoundry
cloudfoundry
USN-4019-1: SQLite vulnerabilities | Cloud Foundry
2019-07-10 00:00:00
thn
thn
Chinese Hacker Publishes PoC for Remote iOS 12 Jailbreak On iPhone X
2019-01-23 14:09:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1975
2021-07-02 18:09:04
photon
photon
Critical Photon OS Security Update - PHSA-2019-0132
2019-02-21 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-1.0-0209
2019-02-20 00:00:00
Critical Photon OS Security Update - PHSA-2019-0209
2019-02-20 00:00:00
googleprojectzero
googleprojectzero
JSC Exploits
2019-08-29 00:00:00
kitploit
kitploit
oracle
oracle
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.8 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.909 High
EPSS
Percentile
98.8%
Related for OPENVAS:1361412562310814822