{"cve": [{"lastseen": "2017-08-29T10:48:21", "bulletinFamily": "NVD", "description": "dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.", "modified": "2017-08-28T21:35:03", "published": "2014-11-18T06:59:03", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4455", "id": "CVE-2014-4455", "title": "CVE-2014-4455", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-08-29T10:48:21", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452.", "modified": "2017-08-28T21:35:04", "published": "2014-11-18T06:59:09", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4462", "id": "CVE-2014-4462", "title": "CVE-2014-4462", "type": "cve", "cvss": {"score": 5.8, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-08-29T10:48:21", "bulletinFamily": "NVD", "description": "The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.", "modified": "2017-08-28T21:35:04", "published": "2014-11-18T06:59:08", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4461", "id": "CVE-2014-4461", "title": "CVE-2014-4461", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-29T10:48:21", "bulletinFamily": "NVD", "description": "WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.", "modified": "2017-08-28T21:35:03", "published": "2014-11-18T06:59:01", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4452", "id": "CVE-2014-4452", "title": "CVE-2014-4452", "type": "cve", "cvss": {"score": 5.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:55", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-11-17-3 Apple TV 7.0.2\r\n\r\nApple TV 7.0.2 is now available and addresses the following:\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: An attacker with a privileged network position may cause an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2014-4452\r\nCVE-2014-4462\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A state management issue existed in the handling of\r\nMach-O executable files with overlapping segments. This issue was\r\naddressed through improved validation of segment sizes.\r\nCVE-ID\r\nCVE-2014-4455 : @PanguTeam\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A validation issue existed in the handling of certain\r\nmetadata fields of IOSharedDataQueue objects. This issue was\r\naddressed through relocation of the metadata.\r\nCVE-ID\r\nCVE-2014-4461 : @PanguTeam\r\n\r\n\r\nInstallation note:\r\n\r\nApple TV will periodically check for software updates. Alternatively,\r\nyou may manually check for software updates by selecting\r\n"Settings -> General -> Update Software".\r\n\r\nTo check the current version of software, select\r\n"Settings -> General -> About".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJUajX6AAoJEBcWfLTuOo7to84QAJgIkijuRWbjIumNWZ4tyS2b\r\nv5e0/hdDD5un60trk7sX16TXFw0z9a25uytvjHOvgnleMdLXVMhAj3V6RtLFX+6u\r\nkohV5SiKlGK6m47vVNDT89eYV6UTpSU2BuYPsng+7K8QRUXcVxRZNCSMlRFNeQxF\r\nlcWR/74xr/tMu4kvZfzFaYFrZqTGudnmjGxtfygNSY+/eHCxDLCVU3VnUaGPpGmd\r\nkPAX5QyLsOTfhWePnqpsHqt4l+xZVzI2LOzBNNEpQ0Qif6qLzt4zx1PR2RcKAuKg\r\nqJNBuK08tV8Hne0Sms8SeH8EM92buiPLoTxqvGO9xB68zXtnclFMzA+Z6XQ2GOik\r\n19OXYAfVetiO/mN4Hg+2gB7hZ0Tw6EznOeujcZK3vC3zH6RgqzjevgA5Fas6T9lw\r\nrEWzwailhUs6EOOpolT1OHMIogTXSAxpmO+CyrTwIYCwMWQmPDQyJfqAs5RjUU9d\r\nX0tZxnom20oVTp3U2AkzNUUaQbC0oZgydBjfoNM412dCzsh3rF8IvA/GnM0fLdlR\r\npcxFO0q+fbqMcM9tTcdEJ+blgvOfyM77y72YSl6PkwsylRwRpC0DY7XqgUyERKqX\r\nqZU+luMsZCWA47Y1BjYtG95xGrpmkKtPSnr7V4dqnsKGMK+Uh5Xa7pKdEVzdM3nD\r\nDHp/ayEiwY577KD9XDFw\r\n=kqc5\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-11-24T00:00:00", "published": "2014-11-24T00:00:00", "id": "SECURITYVULNS:DOC:31399", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31399", "title": "APPLE-SA-2014-11-17-3 Apple TV 7.0.2", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:55", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-11-17-1 iOS 8.1.1\r\n\r\niOS 8.1.1 is now available and addresses the following:\r\n\r\nCFNetwork\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Website cache may not be fully cleared after leaving private\r\nbrowsing\r\nDescription: A privacy issue existed where browsing data could\r\nremain in the cache after leaving private browsing. This issue was\r\naddressed through a change in caching behavior.\r\nCVE-ID\r\nCVE-2014-4460\r\n\r\ndyld\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A state management issue existed in the handling of\r\nMach-O executable files with overlapping segments. This issue was\r\naddressed through improved validation of segment sizes.\r\nCVE-ID\r\nCVE-2014-4455 : @PanguTeam\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A validation issue existed in the handling of certain\r\nmetadata fields of IOSharedDataQueue objects. This issue was\r\naddressed through relocation of the metadata.\r\nCVE-ID\r\nCVE-2014-4461 : @PanguTeam\r\n\r\nLock Screen\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: An attacker in possession of a device may exceed the maximum\r\nnumber of failed passcode attempts\r\nDescription: In some circumstances, the failed passcode attempt\r\nlimit was not enforced. This issue was addressed through additional\r\nenforcement of this limit.\r\nCVE-ID\r\nCVE-2014-4451 : Stuart Ryan of University of Technology, Sydney\r\n\r\nLock Screen\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to the phone may be able to\r\naccess photos in the Photo Library\r\nDescription: The Leave a Message option in FaceTime may have allowed\r\nviewing and sending photos from the device. This issue was addressed\r\nthrough improved state management.\r\nCVE-ID\r\nCVE-2014-4463\r\n\r\nSandbox Profiles\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to launch arbitrary\r\nbinaries on a trusted device\r\nDescription: A permissions issue existed with the debugging\r\nfunctionality for iOS that allowed the spawning of applications on\r\ntrusted devices that were not being debugged. This was addressed by\r\nchanges to debugserver's sandbox.\r\nCVE-ID\r\nCVE-2014-4457 : @PanguTeam\r\n\r\nSpotlight\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Unnecessary information is included as part of the initial\r\nconnection between Spotlight or Safari and the Spotlight Suggestions\r\nservers\r\nDescription: The initial connection made by Spotlight or Safari to\r\nthe Spotlight Suggestions servers included a user's approximate\r\nlocation before a user entered a query. This issue was addressed by\r\nremoving this information from the initial connection and only\r\nsending the user's approximate location as part of queries.\r\nCVE-ID\r\nCVE-2014-4453 : Ashkan Soltani\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2014-4452\r\nCVE-2014-4462\r\n\r\n\r\nInstallation note:\r\n\r\nThis update is available through iTunes and Software Update on your\r\niOS device, and will not appear in your computer's Software Update\r\napplication, or in the Apple Downloads site. Make sure you have an\r\nInternet connection and have installed the latest version of iTunes\r\nfrom www.apple.com/itunes/\r\n\r\niTunes and Software Update on the device will automatically check\r\nApple's update server on its weekly schedule. When an update is\r\ndetected, it is downloaded and the option to be installed is\r\npresented to the user when the iOS device is docked. We recommend\r\napplying the update immediately if possible. Selecting Don't Install\r\nwill present the option the next time you connect your iOS device.\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes or the device checks for updates. You may manually\r\nobtain the update via the Check for Updates button within iTunes, or\r\nthe Software Update on your device.\r\n\r\nTo check that the iPhone, iPod touch, or iPad has been updated:\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. The version after applying this update\r\nwill be "8.1.1".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJUajYFAAoJEBcWfLTuOo7tGxsP/RccLDIt/LMluE7bcG9NSz4w\r\ntw8AHhkfiDZ+T/nnhqAiS2RQ2cgSfMg8KVzCtbrtXrEgebFTUVlos1vIjMSEkqgp\r\nGmSDFn64vZIExVo8w9iTLG/AdW0sERz3h2xVSEr/154AG2SHnL1+nY5abHHycTIG\r\nUuo60+t2OVPtREIcrffmwj6hsYAX1dLAI0QV7PdvjpCc82Snf+yJZCFyjQ23AkQn\r\nP9NElRnK+pbhqqnfZXKO3Hbgf5IkuzeSl4Rwrj8nehu+hcEp32a8zH2wbbzDsFTO\r\nAyM02SAGLmBM30QcoJYK/s0lCGJBbr9rM5+9dUH6KXc8q/OTLJ0YETdHqwsO29cf\r\nXEl5uQT4IHGjlij2f/xYsa0OXbLfyXNeaT5YGlUSIUKNFXRhD6rPccL5V5Ktjnac\r\nJxOv0og5L4OBtPykc0XhmRqTIkEC4Cf3RmewA+b8ivsp/LuPjYsdfN1tZ8MXa1a8\r\nC7hhUQSSSTtA3v7oO/LpU8Qw7kV79SkeQcYYTP07QI87cU2HHDejBHCfGjK9cz65\r\nUf4Sa/leCT0JyQYnx0XOafFTzxIJ2641HtTjuQ3sTKungkE5CR/KyVk2Wul3YqcA\r\nMeo//heYRLNa1XANfzV70TcsnQ2lcirzOqiufC+jljsfkQtlAXWim9H9BCc4102b\r\nugp50lE7/p+CbwYvqaZg\r\n=x/RM\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-11-24T00:00:00", "published": "2014-11-24T00:00:00", "id": "SECURITYVULNS:DOC:31397", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31397", "title": "APPLE-SA-2014-11-17-1 iOS 8.1.1", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "description": "Information leakage, unsigned code execution, code execution, restrictions bypass, memory corruption.", "modified": "2014-12-21T00:00:00", "published": "2014-12-21T00:00:00", "id": "SECURITYVULNS:VULN:14103", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14103", "title": "Apple iOS multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:56", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\nAPPLE-SA-2014-12-3-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1 \r\n\r\nSafari 8.0.1, Safari 7.1.1, and Safari 6.2.1 is now available and\r\naddresses the following:\r\n\r\nWebKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10.1\r\nImpact: Style sheets are loaded cross-origin which may allow for\r\ndata exfiltration\r\nDescription: An SVG loaded in an img element could load a CSS file\r\ncross-origin. This issue was addressed through enhanced blocking of\r\nexternal CSS references in SVGs.\r\nCVE-ID\r\nCVE-2014-4465 : Rennie deGraaf of iSEC Partners\r\n\r\nWebKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10.1\r\nImpact: Visiting a website that frames malicious content may lead to\r\nUI spoofing\r\nDescription: A UI spoofing issue existed in the handling of\r\nscrollbar boundaries. This issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2014-1748 : Jordan Milne\r\n\r\nWebKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10.1\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2014-4452\r\nCVE-2014-4459\r\nCVE-2014-4466 : Apple\r\nCVE-2014-4468 : Apple\r\nCVE-2014-4469 : Apple\r\nCVE-2014-4470 : Apple\r\nCVE-2014-4471 : Apple\r\nCVE-2014-4472 : Apple\r\nCVE-2014-4473 : Apple\r\nCVE-2014-4474 : Apple\r\nCVE-2014-4475 : Apple\r\n\r\n\r\nSafari 8.0.1, Safari 7.1.1, and Safari 6.2.1 may be obtained from the Mac App Store.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\nComment: GPGTools - https://gpgtools.org\r\n\r\niQIcBAEBCgAGBQJUfjjSAAoJEBcWfLTuOo7t1PsP/j0H8iRJiPtYVwRly6mxyDrv\r\n4Ji7sopCSNa96qcqn9jILbFTkthqaXE/vew2UdJgO5CSXqxcF50I9bUkPJyJBq4j\r\nqGEu8a54pMteNSCtox1mwzZu8tcOArc//oQhMPhqSRkEvjVv2bsJdQ9bmc1QqHhP\r\nHkJBN/HO8w5RvZ6o5PiitnOOwVOu2sEX80mI7eYKmRjl7AWMzVE6sER1boL+EyCW\r\n4F5s9610J7KjpWh2QewhhefYPootah9JCKoybTrrba+hBESYtHuRwTTkay7cgMkd\r\nJ+a4xdjngl/ySFqOH7IhnnUD8Cs5UelHk7HlwqoGTxsaRjKnWlZ+1PqtE5buN7v+\r\nSeZeYqeWwSJEeDis55dMIHuKmYl3XsAHU7405A8AW27YLh+ABrnZNctebHub3bJ8\r\nBayfF1h1AHh1UohXnz7u6o9LKavmKzy1VoUiTBKbon+4mBILuj9MlJVXxCIq/8Sl\r\nkmxKlE969d1Ij/6LeNKb/BZ9SYoEOdkgZdqO5BNNtsBgE17xm5yGuJeZyour5hSM\r\n8a9FwRf9QjKD/xodIP0VtB/c53eUe1DRJNgwXkmC4K+7nslBexmzDOxs2bG2LXOU\r\nz0aExXx0goTI5K14PRFE+hLVDOw0jNjp7K2EQAKSK9oKF1sR/tk2nqO/AduSArbe\r\nbftlUMkfPwAuqhtNajQZ\r\n=S2wI\r\n-----END PGP SIGNATURE\u2014\u2014\r\n\r\n", "modified": "2014-12-11T00:00:00", "published": "2014-12-11T00:00:00", "id": "SECURITYVULNS:DOC:31492", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31492", "title": "APPLE-SA-2014-12-2-1 Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "description": "Multiple memory corruptions.", "modified": "2014-12-21T00:00:00", "published": "2014-12-21T00:00:00", "id": "SECURITYVULNS:VULN:14148", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14148", "title": "Apple Safari / Webkit multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2015-01-27-2 iOS 8.1.3\r\n\r\niOS 8.1.3 is now available and addresses the following:\r\n\r\nAppleFileConduit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A maliciously crafted afc command may allow access to\r\nprotected parts of the filesystem\r\nDescription: A vulnerability existed in the symbolic linking\r\nmechanism of afc. This issue was addressed by adding additional path\r\nchecks.\r\nCVE-ID\r\nCVE-2014-4480 : TaiG Jailbreak Team\r\n\r\nCoreGraphics\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Opening a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An integer overflow existed in the handling of PDF\r\nfiles. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the\r\niSIGHT Partners GVP Program\r\n\r\ndyld\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A state management issue existed in the handling of\r\nMach-O executable files with overlapping segments. This issue was\r\naddressed through improved validation of segment sizes.\r\nCVE-ID\r\nCVE-2014-4455 : TaiG Jailbreak Team\r\n\r\nFontParser\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Opening a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of font\r\nfiles. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4483 : Apple\r\n\r\nFontParser\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Processing a maliciously crafted .dfont file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\n.dfont files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative\r\n\r\nFoundation\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted XML file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the XML parser. This issue\r\nwas addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4485 : Apple\r\n\r\nIOAcceleratorFamily\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A null pointer dereference existed in\r\nIOAcceleratorFamily's handling of resource lists. This issue was\r\naddressed by removing unneeded code.\r\nCVE-ID\r\nCVE-2014-4486 : Ian Beer of Google Project Zero\r\n\r\nIOHIDFamily\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A buffer overflow existed in IOHIDFamily. This issue\r\nwas addressed through improved size validation.\r\nCVE-ID\r\nCVE-2014-4487 : TaiG Jailbreak Team\r\n\r\nIOHIDFamily\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A validation issue existed in IOHIDFamily's handling of\r\nresource queue metadata. This issue was addressed through improved\r\nvalidation of metadata.\r\nCVE-ID\r\nCVE-2014-4488 : Apple\r\n\r\nIOHIDFamily\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A null pointer dereference existed in IOHIDFamily's\r\nhandling of event queues. This issue was addressed through improved\r\nvalidation.\r\nCVE-ID\r\nCVE-2014-4489 : @beist\r\n\r\niTunes Store\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A website may be able to bypass sandbox restrictions using\r\nthe iTunes Store\r\nDescription: An issue existed in the handling of URLs redirected\r\nfrom Safari to the iTunes Store that could allow a malicious website\r\nto bypass Safari's sandbox restrictions. The issue was addressed with\r\nimproved filtering of URLs opened by the iTunes Store.\r\nCVE-ID\r\nCVE-2014-8840 : lokihardt@ASRT working with HP's Zero Day Initiative\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Maliciously crafted or compromised iOS applications may be\r\nable to determine addresses in the kernel\r\nDescription: An information disclosure issue existed in the handling\r\nof APIs related to kernel extensions. Responses containing an\r\nOSBundleMachOHeaders key may have included kernel addresses, which\r\nmay aid in bypassing address space layout randomization protection.\r\nThis issue was addressed by unsliding the addresses before returning\r\nthem.\r\nCVE-ID\r\nCVE-2014-4491 : @PanguTeam, Stefan Esser\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An issue existed in the kernel shared memory subsystem\r\nthat allowed an attacker to write to memory that was intended to be\r\nread-only. This issue was addressed with stricter checking of shared\r\nmemory permissions.\r\nCVE-ID\r\nCVE-2014-4495 : Ian Beer of Google Project Zero\r\n\r\nKernel\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Maliciously crafted or compromised iOS applications may be\r\nable to determine addresses in the kernel\r\nDescription: The mach_port_kobject kernel interface leaked kernel\r\naddresses and heap permutation value, which may aid in bypassing\r\naddress space layout randomization protection. This was addressed by\r\ndisabling the mach_port_kobject interface in production\r\nconfigurations.\r\nCVE-ID\r\nCVE-2014-4496 : TaiG Jailbreak Team\r\n\r\nlibnetcore\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious, sandboxed app can compromise the networkd\r\ndaemon\r\nDescription: Multiple type confusion issues existed in networkd's\r\nhandling of interprocess communication. By sending a maliciously\r\nformatted message to networkd, it may have been possible to execute\r\narbitrary code as the networkd process. The issue is addressed\r\nthrough additional type checking.\r\nCVE-ID\r\nCVE-2014-4492 : Ian Beer of Google Project Zero\r\n\r\nMobileInstallation\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: A malicious enterprise-signed application may be able to\r\ntake control of the local container for applications already on a\r\ndevice\r\nDescription: A vulnerability existed in the application installation\r\nprocess. This was addressed by preventing enterprise applications\r\nfrom overriding existing applications in specific scenarios.\r\nCVE-ID\r\nCVE-2014-4493 : Hui Xue and Tao Wei of FireEye, Inc.\r\n\r\nSpringboard\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Enterprise-signed applications may be launched without\r\nprompting for trust\r\nDescription: An issue existed in determining when to prompt for\r\ntrust when first opening an enterprise-signed application. This issue\r\nwas addressed through improved code signature validation.\r\nCVE-ID\r\nCVE-2014-4494 : Song Jin, Hui Xue, and Tao Wei of FireEye, Inc.\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a website that frames malicious content may lead to\r\nUI spoofing\r\nDescription: A UI spoofing issue existed in the handling of\r\nscrollbar boundaries. This issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2014-4467 : Jordan Milne\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Style sheets are loaded cross-origin which may allow for\r\ndata exfiltration\r\nDescription: An SVG loaded in an img element could load a CSS file\r\ncross-origin. This issue was addressed through enhanced blocking of\r\nexternal CSS references in SVGs.\r\nCVE-ID\r\nCVE-2014-4465 : Rennie deGraaf of iSEC Partners\r\n\r\nWebKit\r\nAvailable for: iPhone 4s and later,\r\niPod touch (5th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2014-3192 : cloudfuzzer\r\nCVE-2014-4459\r\nCVE-2014-4466 : Apple\r\nCVE-2014-4468 : Apple\r\nCVE-2014-4469 : Apple\r\nCVE-2014-4470 : Apple\r\nCVE-2014-4471 : Apple\r\nCVE-2014-4472 : Apple\r\nCVE-2014-4473 : Apple\r\nCVE-2014-4474 : Apple\r\nCVE-2014-4475 : Apple\r\nCVE-2014-4476 : Apple\r\nCVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day Initiative\r\nCVE-2014-4479 : Apple\r\n\r\n\r\nInstallation note:\r\n\r\nThis update is available through iTunes and Software Update on your\r\niOS device, and will not appear in your computer's Software Update\r\napplication, or in the Apple Downloads site. Make sure you have an\r\nInternet connection and have installed the latest version of iTunes\r\nfrom www.apple.com/itunes/\r\n\r\niTunes and Software Update on the device will automatically check\r\nApple's update server on its weekly schedule. When an update is\r\ndetected, it is downloaded and the option to be installed is\r\npresented to the user when the iOS device is docked. We recommend\r\napplying the update immediately if possible. Selecting Don't Install\r\nwill present the option the next time you connect your iOS device.\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes or the device checks for updates. You may manually\r\nobtain the update via the Check for Updates button within iTunes, or\r\nthe Software Update on your device.\r\n\r\nTo check that the iPhone, iPod touch, or iPad has been updated:\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. The version after applying this update\r\nwill be "8.1.3".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\n\r\niQIcBAEBAgAGBQJUx8umAAoJEBcWfLTuOo7tTskQAI5o4uXj16m90mQhSqUYG35F\r\npCbUBiLJj4IWcgLsNDKgnhcmX6YOA+q7LnyCuU91K4DLybFZr5/OrxDU4/qCsKQb\r\n8o6uRHdtfq6zrOrUgv+hKXP36Rf5v/zl/P9JViuJoKZXMQow6DYoTpCaUAUwp23z\r\nmrF3EwzZyxfT2ICWwPS7r8A9annIprGBZLJz1Yr7Ek90WILTg9RbgnI60IBfpLzn\r\nBi4ej9FqV2HAy4S9Fad6jyB9E0rAsl6PRMPGKVvOa2o1/mLqiFGR06qyHwJ+ynj8\r\ntTGcnVhiZVaiur807DY1hb6uB2oLFQXxHFYe3T17l3igM/iminMpWfcq/PmnIIwR\r\nIASrhc24qgUywOGK6FfVKdoh5KNgb3xK4X7U9YL9/eMwgT48a2qO6lLTfYdFfBCh\r\nwEzMAFEDpnkwOSw/s5Ry0eCY+p+DU0Kxr3Ter3zkNO0abf2yXjAtu4nHBk3I1t4P\r\ny8fM8vcWhPDTdfhIWp5Vwcs6sxCGXO1/w6Okuv4LlEDkSJ0Vm2AdhnE0TmhWW0BB\r\nw7XMGRYdUCYRbGIta1wciD8yR1xeAWGIOL9+tYROfK4jgPgFGNjtkhqMWNxLZwnR\r\nIEHZ2hYBhf3bWCtEDP5nZBV7jdUUdMxDzDX9AuPp67SXld2By+iMe8AYgu6EVhfY\r\nCfDJ+b9mxdd8GswiT3OO\r\n=j9pr\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2015-02-02T00:00:00", "published": "2015-02-02T00:00:00", "id": "SECURITYVULNS:DOC:31677", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31677", "title": "APPLE-SA-2015-01-27-2 iOS 8.1.3", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "description": "Protection bypass, memory corruptions, buffer overflows, code execution, crossite access.", "modified": "2015-02-02T00:00:00", "published": "2015-02-02T00:00:00", "id": "SECURITYVULNS:VULN:14242", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14242", "title": "Apple TV multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2015-01-27-1 Apple TV 7.0.3\r\n\r\nApple TV 7.0.3 is now available and addresses the following:\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A maliciously crafted afc command may allow access to\r\nprotected parts of the filesystem\r\nDescription: A vulnerability existed in the symbolic linking\r\nmechanism of afc. This issue was addressed by adding additional path\r\nchecks.\r\nCVE-ID\r\nCVE-2014-4480 : TaiG Jailbreak Team\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: Opening a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An integer overflow existed in the handling of PDF\r\nfiles. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the\r\niSIGHT Partners GVP Program\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A state management issue existed in the handling of\r\nMach-O executable files with overlapping segments. This issue was\r\naddressed through improved validation of segment sizes\r\nCVE-ID\r\nCVE-2014-4455 : TaiG Jailbreak Team\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: Opening a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of font\r\nfiles. This issue was addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4483 : Apple\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: Processing a maliciously crafted .dfont file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the handling of\r\n.dfont files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: Viewing a maliciously crafted XML file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the XML parser. This issue\r\nwas addressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2014-4485 : Apple\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A null pointer dereference existed in\r\nIOAcceleratorFamily's handling of resource lists. This issue was\r\naddressed by removing unneeded code.\r\nCVE-ID\r\nCVE-2014-4486 : Ian Beer of Google Project Zero\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A buffer overflow existed in IOHIDFamily. This issue\r\nwas addressed through improved size validation.\r\nCVE-ID\r\nCVE-2014-4487 : TaiG Jailbreak Team\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A validation issue existed in IOHIDFamily's handling of\r\nresource queue metadata. This issue was addressed through improved\r\nvalidation of metadata.\r\nCVE-ID\r\nCVE-2014-4488 : Apple\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A null pointer dereference existed in IOHIDFamily's\r\nhandling of event queues. This issue was addressed through improved\r\nvalidation.\r\nCVE-ID\r\nCVE-2014-4489 : @beist\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: Maliciously crafted or compromised iOS applications may be\r\nable to determine addresses in the kernel\r\nDescription: An information disclosure issue existed in the handling\r\nof APIs related to kernel extensions. Responses containing an\r\nOSBundleMachOHeaders key may have included kernel addresses, which\r\nmay aid in bypassing address space layout randomization protection.\r\nThis issue was addressed by unsliding the addresses before returning\r\nthem.\r\nCVE-ID\r\nCVE-2014-4491 : @PanguTeam, Stefan Esser\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An issue existed in the kernel shared memory subsystem\r\nthat allowed an attacker to write to memory that was intended to be\r\nread-only. This issue was addressed with stricter checking of shared\r\nmemory permissions.\r\nCVE-ID\r\nCVE-2014-4495 : Ian Beer of Google Project Zero\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: Maliciously crafted or compromised iOS applications may be\r\nable to determine addresses in the kernel\r\nDescription: The mach_port_kobject kernel interface leaked kernel\r\naddresses and heap permutation value, which may aid in bypassing\r\naddress space layout randomization protection. This was addressed by\r\ndisabling the mach_port_kobject interface in production\r\nconfigurations.\r\nCVE-ID\r\nCVE-2014-4496 : TaiG Jailbreak Team\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: A malicious, sandboxed app can compromise the networkd\r\ndaemon\r\nDescription: Multiple type confusion issues existed in networkd's\r\nhandling of interprocess communication. By sending a maliciously\r\nformatted message to networkd, it could be possible to execute\r\narbitrary code as the networkd process. The issue is addressed\r\nthrough additional type checking.\r\nCVE-ID\r\nCVE-2014-4492 : Ian Beer of Google Project Zero\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: Style sheets are loaded cross-origin which may allow for\r\ndata exfiltration\r\nDescription: An SVG loaded in an img element could load a CSS file\r\ncross-origin. This issue was addressed through enhanced blocking of\r\nexternal CSS references in SVGs.\r\nCVE-ID\r\nCVE-2014-4465 : Rennie deGraaf of iSEC Partners\r\n\r\nApple TV\r\nAvailable for: Apple TV 3rd generation and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2014-3192 : cloudfuzzer\r\nCVE-2014-4459\r\nCVE-2014-4466 : Apple\r\nCVE-2014-4468 : Apple\r\nCVE-2014-4469 : Apple\r\nCVE-2014-4470 : Apple\r\nCVE-2014-4471 : Apple\r\nCVE-2014-4472 : Apple\r\nCVE-2014-4473 : Apple\r\nCVE-2014-4474 : Apple\r\nCVE-2014-4475 : Apple\r\nCVE-2014-4476 : Apple\r\nCVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day Initiative\r\nCVE-2014-4479 : Apple\r\n\r\n\r\nInstallation note:\r\n\r\nApple TV will periodically check for software updates. Alternatively,\r\nyou may manually check for software updates by selecting\r\n"Settings -> General -> Update Software".\r\n\r\nTo check the current version of software, select\r\n"Settings -> General -> About".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\r\n\r\niQIcBAEBAgAGBQJUx8uoAAoJEBcWfLTuOo7tyYYP/0Wa2vYwjiSNRUiPXPlxwKKJ\r\nEnQeYq248AQZ1D2YDfUwuz3zs826YM9/agwWFv+b1kDU5wYZ37oRvsEB3nmzDyA6\r\nMChLBOE+9YRImVbgGI1VFI7FOCiLXesXWHhSJeKs0nqPmEjY2fjoR6h7KTZy7a8i\r\nQvDM61tRx9u06vDobSH3M+NvfaD87/EQZUzTnzraOw5EnMrnuyAH7vfm05xzhQsc\r\nqyaCkPq1+VsFBRAFdJQRCs2TYXTkSH0NVU+A9iMkhguH8hsRhGOzj4nnP72mYnFs\r\nQqJIPY0mKCHp5GLRLlh5+0XgPQ9M0Rz7Pq3OMfJXQB1/Jt749jAbKSWsetN8vPMx\r\nNHq1UJljbJ4L3anDmDBv5kBE1uDqYJraJQYGoswfvG2PJNIkPzlTXk9nnGIktYBS\r\nzGKZINvUFHjaPCrBiTqoVgbjAT1akkQbC/UkdNxaW0guTHmXOjIyWrN4l0ZqA7t4\r\n1l9sVAc+pKMdbW3AXt6Gs4WEz1Fn/vQiMc2ZYudWXbW0Xc9G+8oL3db/oXoKpjEz\r\n1+TjMcswTHB6+xqhsuUyQWJRMGW38SdwpA2fquE07xRSqhrEcIV37IdXi0knJf27\r\nBLGWtjiDffaIzRxZZbZZjgsvLKRxeQeQeYlEc/dNn2e7x85ln70MJ2BYkuBRfnb6\r\nG6QsP8oliqd742wGBmKC\r\n=rnYo\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2015-02-02T00:00:00", "published": "2015-02-02T00:00:00", "id": "SECURITYVULNS:DOC:31676", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31676", "title": "APPLE-SA-2015-01-27-1 Apple TV 7.0.3", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "description": "Protection bypass, memory corruptions, buffer overflows, code execution, crossite access.", "modified": "2015-02-02T00:00:00", "published": "2015-02-02T00:00:00", "id": "SECURITYVULNS:VULN:14243", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14243", "title": "Apple iOS multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:59", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA256\r\n\r\nAPPLE-SA-2015-06-30-6 iTunes 12.2\r\n\r\niTunes 12.2 is now available and addresses the following:\r\n\r\nWebKit\r\nAvailable for: Windows 8 and Windows 7\r\nImpact: A man-in-the-middle attack while browsing the iTunes Store\r\nvia iTunes may lead to an unexpected application termination or\r\narbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2014-3192 : cloudfuzzer\r\nCVE-2014-4452\r\nCVE-2014-4459\r\nCVE-2014-4466 : Apple\r\nCVE-2014-4468 : Apple\r\nCVE-2014-4469 : Apple\r\nCVE-2014-4470 : Apple\r\nCVE-2014-4471 : Apple\r\nCVE-2014-4472 : Apple\r\nCVE-2014-4473 : Apple\r\nCVE-2014-4474 : Apple\r\nCVE-2014-4475 : Apple\r\nCVE-2014-4476 : Apple\r\nCVE-2014-4477 : lokihardt@ASRT working with HP's Zero Day Initiative\r\nCVE-2014-4479 : Apple\r\nCVE-2015-1068 : Apple\r\nCVE-2015-1069 : Apple\r\nCVE-2015-1070 : Apple\r\nCVE-2015-1071 : Apple\r\nCVE-2015-1072\r\nCVE-2015-1073 : Apple\r\nCVE-2015-1074 : Apple\r\nCVE-2015-1075 : Google Chrome Security team\r\nCVE-2015-1076\r\nCVE-2015-1077 : Apple\r\nCVE-2015-1078 : Apple\r\nCVE-2015-1079 : Apple\r\nCVE-2015-1080 : Apple\r\nCVE-2015-1081 : Apple\r\nCVE-2015-1082 : Apple\r\nCVE-2015-1083 : Apple\r\nCVE-2015-1119 : Renata Hodovan of University of Szeged / Samsung\r\nElectronics\r\nCVE-2015-1120 : Apple\r\nCVE-2015-1121 : Apple\r\nCVE-2015-1122 : Apple\r\nCVE-2015-1124 : Apple\r\nCVE-2015-1152\r\nCVE-2015-1153\r\nCVE-2015-1154\r\n\r\n\r\niTunes 12.2 may be obtained from:\r\nhttp://www.apple.com/itunes/download/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\n\r\niQIcBAEBCAAGBQJVkxn8AAoJEBcWfLTuOo7tYPoP/3l/dw+rYzo6GHoE0xZM/4nc\r\n0kq2Wx+f8blymEOs6cHM7hvR4YTRc+O/QnNZXrVVxa7SqFG2dnE203sxOFyTfl6t\r\nyzN2ueA9IGC0W6c3YBo3ej1Fifi9ey25P66AParFU+7jI3Pj3mkKb1ClrFb6gCzc\r\nU743HOcnmmqSpnnXfxZPt+y2oDasweNt0guCpYYG8mcG2hzyQfSmA8EEh/Dzplv9\r\nNl2NGAqyG3Cj8ZDOoPIZcHYZ8h2DHl+YyczVyryo6YwadRPq54pDKDOjsDmVUkl9\r\nYFZu99gdDK/QVudRolmj9ZjvdAi5fpJJZ0hHl7giNzo5wKCVIaTVgzjVRjXWWvRZ\r\nJwTt07sky25py+rQne62/heKfIhPwv2pNyZmSLSpQsb8+yYVKw0mX5nLmko91+yS\r\nkPOMRF5f/Ek2aYoRJ9DruVpMFs1kHIC3ynh5WQrAWkono1fU/U1Wxz2yGPuU+Jhm\r\ndghvFEjH8uHaayaeNilTKqAfxGBOpd9jKzUe3bQ8gbGNtruun0QxIUsa9DE98giu\r\ne1OtNo70kt1EznEPeAoLwhVb/jQE29OlZyhN912tvTGVjExCmIxcZQdw537yWj7C\r\nae2Kjb4l8ni4T4ta0i1mxC/bbsHa8u/gs8DcMGGcjnbWUAJx6oOAAzY6x9SIfZqa\r\nszGbF5r4TZ5KFgMW9I6o\r\n=Vyyo\r\n-----END PGP SIGNATURE-----\r\n\r\n\r\n", "modified": "2015-07-05T00:00:00", "published": "2015-07-05T00:00:00", "id": "SECURITYVULNS:DOC:32263", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32263", "title": "APPLE-SA-2015-06-30-6 iTunes 12.2", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:22:50", "bulletinFamily": "scanner", "description": "According to its banner, the remote Apple TV device is a version prior to 7.0.2. It is, therefore, affected by the following vulnerabilities :\n\n - Multiple memory corruption issues exist related to the included version of WebKit that allow application crashes or arbitrary code execution. (CVE-2014-4452, CVE-2014-4462)\n\n - A state management issue exists due to improperly handling overlapping segments in Mach-O executable files. A local user can exploit this issue to execute unsigned code. (CVE-2014-4455)\n\n - A remote code execution issue exists due to improper validation of metadata fields in IOSharedDataQueue objects. (CVE-2014-4461)", "modified": "2018-11-15T00:00:00", "id": "APPLETV_7_0_2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79360", "published": "2014-11-20T00:00:00", "title": "Apple TV < 7.0.2 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79360);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\n \"CVE-2014-4452\",\n \"CVE-2014-4455\",\n \"CVE-2014-4461\",\n \"CVE-2014-4462\"\n );\n script_bugtraq_id(71136, 71137, 71140, 71142);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-11-17-3\");\n\n script_name(english:\"Apple TV < 7.0.2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version in the banner.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote Apple TV device is a version prior\nto 7.0.2. It is, therefore, affected by the following\nvulnerabilities :\n\n - Multiple memory corruption issues exist related to the\n included version of WebKit that allow application\n crashes or arbitrary code execution. (CVE-2014-4452,\n CVE-2014-4462)\n\n - A state management issue exists due to improperly\n handling overlapping segments in Mach-O executable\n files. A local user can exploit this issue to execute\n unsigned code. (CVE-2014-4455)\n\n - A remote code execution issue exists due to improper\n validation of metadata fields in IOSharedDataQueue\n objects. (CVE-2014-4461)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT204420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/534005/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV 7.0.2 or later. Note that this update is only\navailable for 3rd generation and later models.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"appletv_detect.nasl\");\n script_require_keys(\"www/appletv\");\n script_require_ports(3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nget_kb_item_or_exit(\"www/appletv\");\n\nport = 3689;\nbanner = get_http_banner(port:port, broken:TRUE, exit_on_fail:TRUE);\nif (\n \"DAAP-Server: iTunes/\" >!< banner &&\n \"RIPT-Server: iTunesLib/\" >!< banner\n) audit(AUDIT_WRONG_WEB_SERVER, port, 'iTunes');\n\npat = \"^DAAP-Server: iTunes/([0-9][0-9.]+)([a-z])([0-9]+) \\((Mac )?OS X\\)\";\nmatches = egrep(pattern:pat, string:banner);\n\nif (\n \"DAAP-Server: iTunes/\" >< banner &&\n !matches\n) audit(AUDIT_WRONG_WEB_SERVER, port, \"iTunes on an Apple TV\");\n\nfixed_major = \"11.1\";\nfixed_char = \"b\";\nfixed_minor = \"37\";\nfixed_airtunes_version = \"211.3\";\n\nreport = \"\";\n\n# Check first for 3rd gen and recent 2nd gen models.\nif (matches)\n{\n foreach line (split(matches, keep:FALSE))\n {\n match = eregmatch(pattern:pat, string:line);\n if (!isnull(match))\n {\n major = match[1];\n char = match[2];\n minor = int(match[3]);\n\n if (\n ver_compare(ver:major, fix:fixed_major, strict:FALSE) < 0 ||\n (\n ver_compare(ver:major, fix:fixed_major, strict:FALSE) == 0 &&\n (\n ord(char) < ord(fixed_char) ||\n (\n ord(char) == ord(fixed_char) &&\n minor < fixed_minor\n )\n )\n )\n )\n {\n report = '\\n Source : ' + line +\n '\\n Installed iTunes version : ' + major + char + minor +\n '\\n Fixed iTunes version : ' + fixed_major + fixed_char + fixed_minor +\n '\\n';\n }\n else if (major == fixed_major && char == fixed_char && minor == fixed_minor)\n {\n airtunes_port = 5000;\n # nb: 'http_server_header()' exits if it can't get the HTTP banner.\n server_header = http_server_header(port:airtunes_port);\n if (isnull(server_header)) audit(AUDIT_WEB_NO_SERVER_HEADER, airtunes_port);\n if (\"AirTunes\" >!< server_header) audit(AUDIT_WRONG_WEB_SERVER, airtunes_port, \"AirTunes\");\n\n match = eregmatch(string:server_header, pattern:\"^AirTunes\\/([0-9][0-9.]+)\");\n if (!match) audit(AUDIT_UNKNOWN_WEB_SERVER_VER, \"AirTunes\", airtunes_port);\n airtunes_version = match[1];\n\n if (ver_compare(ver:airtunes_version, fix:fixed_airtunes_version, strict:FALSE) < 0)\n {\n report = '\\n Source : ' + server_header +\n '\\n Installed AirTunes version : ' + airtunes_version +\n '\\n Fixed AirTunes version : ' + fixed_airtunes_version +\n '\\n';\n }\n else audit(AUDIT_LISTEN_NOT_VULN, \"AirTunes\", airtunes_port, airtunes_version);\n }\n }\n }\n}\nelse\n{\n pat2 = \"^RIPT-Server: iTunesLib/([0-9]+)\\.\";\n matches = egrep(pattern:pat2, string:banner);\n if (matches)\n {\n foreach line (split(matches, keep:FALSE))\n {\n match = eregmatch(pattern:pat2, string:line);\n if (!isnull(match))\n {\n major = int(match[1]);\n if (major <= 9)\n {\n report = '\\n Source : ' + line +\n '\\n';\n }\n break;\n }\n }\n }\n}\n\nif (report)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:report);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:23:26", "bulletinFamily": "scanner", "description": "According to its banner, the remote Apple TV device is a version prior to 7.0.3. It is, therefore, affected by the following vulnerabilities :\n\n - Multiple memory corruption issues exist, related to the included version of WebKit, that allow application crashes or arbitrary code execution. (CVE-2014-3192, CVE-2014-4459, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475, CVE-2014-4476, CVE-2014-4477, CVE-2014-4479)\n\n - A state management issue exists due to improperly handling overlapping segments in Mach-O executable files. A local user can exploit this issue to execute unsigned code. (CVE-2014-4455)\n\n - A security bypass issue exists due to improper validation of SVG files loaded in an IMG element. An attacker can load a CSS of cross-origin resulting in information disclosure. (CVE-2014-4465)\n\n - An issue exists due to the symbolic linking performed by the 'afc' command which allows an attacker to access arbitrary files on the system. (CVE-2014-4480)\n\n - An integer overflow issue exists due to improper bounds checking when processing PDF files. (CVE-2014-4481)\n\n - A buffer overflow issue exists due to improper bounds checking when processing fonts in PDF files.\n (CVE-2014-4483)\n\n - A memory corruption issue exists due to improper bounds checking when processing '.dfont' files.\n (CVE-2014-4484)\n\n - A buffer overflow issue exists due to improper bounds checking when processing XML files. (CVE-2014-4485)\n\n - A null pointer dereference issue exists due to the handling of resource lists in the IOAcceleratorFamily kernel extension. (CVE-2014-4486)\n\n - A buffer overflow issue exists due to improper size validation in the IOHIDFamily. (CVE-2014-4487)\n\n - A validation issue exists due to the handling of resource queue metadata in the IOHIDFamily kernel extension. (CVE-2014-4488)\n\n - A null pointer dereference issue exists due to the handling of event queues in the IOHIDFamily kernel extension. (CVE-2014-4489)\n\n - An information disclosure issue exists due to the handling of APIs related to kernel extensions in which kernel addresses may be revealed. An attacker can leverage this to bypass ASLR protections.\n (CVE-2014-4491)\n\n - Multiple type confusion issues exists due to improper type checking during interprocess communication in the network daemon (networkd). (CVE-2014-4492)\n\n - An issue exists due to improper checking of shared memory permissions in the kernel shared memory subsystem. (CVE-2014-4495)\n\n - An information disclosure issue exists due to mach_port_kobject kernel interface leaking kernel addresses and heap permutation values. An attacker can leverage this to bypass ASLR protections.\n (CVE-2014-4496)\n\nNote that arbitrary code execution is possible with the above issues assigned CVE-2014-4481 through CVE-2014-4489, CVE-2014-4492, and CVE-2014-4495.", "modified": "2018-11-15T00:00:00", "id": "APPLETV_7_0_3.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81145", "published": "2015-02-03T00:00:00", "title": "Apple TV < 7.0.3 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81145);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\n \"CVE-2014-3192\",\n \"CVE-2014-4455\",\n \"CVE-2014-4459\",\n \"CVE-2014-4465\",\n \"CVE-2014-4466\",\n \"CVE-2014-4468\",\n \"CVE-2014-4469\",\n \"CVE-2014-4470\",\n \"CVE-2014-4471\",\n \"CVE-2014-4472\",\n \"CVE-2014-4473\",\n \"CVE-2014-4474\",\n \"CVE-2014-4475\",\n \"CVE-2014-4476\",\n \"CVE-2014-4477\",\n \"CVE-2014-4479\",\n \"CVE-2014-4480\",\n \"CVE-2014-4481\",\n \"CVE-2014-4483\",\n \"CVE-2014-4484\",\n \"CVE-2014-4485\",\n \"CVE-2014-4486\",\n \"CVE-2014-4487\",\n \"CVE-2014-4488\",\n \"CVE-2014-4489\",\n \"CVE-2014-4491\",\n \"CVE-2014-4492\",\n \"CVE-2014-4495\",\n \"CVE-2014-4496\"\n );\n script_bugtraq_id(\n 70273,\n 71140,\n 71144,\n 71438,\n 71439,\n 71442,\n 71444,\n 71445,\n 71449,\n 71451,\n 71459,\n 71461,\n 71462,\n 72327,\n 72329,\n 72330,\n 72331,\n 72334\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-01-27-1\");\n\n script_name(english:\"Apple TV < 7.0.3 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version in the banner.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote Apple TV device is a version prior\nto 7.0.3. It is, therefore, affected by the following\nvulnerabilities :\n\n - Multiple memory corruption issues exist, related to the\n included version of WebKit, that allow application\n crashes or arbitrary code execution. (CVE-2014-3192,\n CVE-2014-4459, CVE-2014-4466, CVE-2014-4468,\n CVE-2014-4469, CVE-2014-4470, CVE-2014-4471,\n CVE-2014-4472, CVE-2014-4473, CVE-2014-4474,\n CVE-2014-4475, CVE-2014-4476, CVE-2014-4477,\n CVE-2014-4479)\n\n - A state management issue exists due to improperly\n handling overlapping segments in Mach-O executable\n files. A local user can exploit this issue to execute\n unsigned code. (CVE-2014-4455)\n\n - A security bypass issue exists due to improper\n validation of SVG files loaded in an IMG element. An\n attacker can load a CSS of cross-origin resulting in\n information disclosure. (CVE-2014-4465)\n\n - An issue exists due to the symbolic linking performed\n by the 'afc' command which allows an attacker to\n access arbitrary files on the system. (CVE-2014-4480)\n\n - An integer overflow issue exists due to improper bounds\n checking when processing PDF files. (CVE-2014-4481)\n\n - A buffer overflow issue exists due to improper bounds\n checking when processing fonts in PDF files.\n (CVE-2014-4483)\n\n - A memory corruption issue exists due to improper bounds\n checking when processing '.dfont' files.\n (CVE-2014-4484)\n\n - A buffer overflow issue exists due to improper bounds\n checking when processing XML files. (CVE-2014-4485)\n\n - A null pointer dereference issue exists due to the\n handling of resource lists in the IOAcceleratorFamily\n kernel extension. (CVE-2014-4486)\n\n - A buffer overflow issue exists due to improper size\n validation in the IOHIDFamily. (CVE-2014-4487)\n\n - A validation issue exists due to the handling of\n resource queue metadata in the IOHIDFamily kernel\n extension. (CVE-2014-4488)\n\n - A null pointer dereference issue exists due to the\n handling of event queues in the IOHIDFamily kernel\n extension. (CVE-2014-4489)\n\n - An information disclosure issue exists due to the\n handling of APIs related to kernel extensions in which\n kernel addresses may be revealed. An attacker can\n leverage this to bypass ASLR protections.\n (CVE-2014-4491)\n\n - Multiple type confusion issues exists due to improper\n type checking during interprocess communication in the\n network daemon (networkd). (CVE-2014-4492)\n\n - An issue exists due to improper checking of shared\n memory permissions in the kernel shared memory\n subsystem. (CVE-2014-4495)\n\n - An information disclosure issue exists due to\n mach_port_kobject kernel interface leaking kernel\n addresses and heap permutation values. An attacker can\n leverage this to bypass ASLR protections.\n (CVE-2014-4496)\n\nNote that arbitrary code execution is possible with the above issues\nassigned CVE-2014-4481 through CVE-2014-4489, CVE-2014-4492, and\nCVE-2014-4495.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT204246\");\n # https://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6f3743d1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple TV 7.0.3 or later. Note that this update is only\navailable for 3rd generation and later models.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:apple_tv\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"appletv_detect.nasl\");\n script_require_keys(\"www/appletv\");\n script_require_ports(3689, 7000);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nget_kb_item_or_exit(\"www/appletv\");\n\n# Apple TV 6.0 and later\nport = get_http_port(default:7000, dont_exit:TRUE);\nitem = \"/server-info\";\n\nif (!isnull(port))\n{\n res = http_send_recv3(\n method : \"GET\",\n port : port,\n item : item,\n exit_on_fail:FALSE\n );\n\n report = NULL;\n\n if (res[0] =~'^HTTP/[0-9.]+ +200' && !empty_or_null(res[2]))\n {\n url = build_url(port:port, qs:item);\n\n # Examples: 12B435, 11A470e, etc.\n pat =\n \"<key>osBuildVersion</key>\\s+<string>([0-9]+)([A-Za-z])([0-9]+)([A-Za-z]+)?</string>\";\n matches = pregmatch(pattern:pat, string:res[2], icase:TRUE);\n\n if (!isnull(matches))\n {\n ver = matches[1] + matches[2] + matches[3];\n ver_major = int(matches[1]);\n ver_char = ord(matches[2]);\n ver_minor = int(matches[3]);\n\n fixed_build = \"12B466\";\n fixed_major = 12;\n fixed_char = ord(\"B\");\n fixed_minor = 466;\n\n if (\n # Major version <= fixed version\n ver_major < fixed_major || ( ver_major == fixed_major &&\n (\n # Value of character <= value of fixed character\n ver_char < fixed_char || ( ver_char == fixed_char &&\n # Minor version < fixed version\n ver_minor < fixed_minor\n )\n )\n )\n )\n report =\n '\\n URL : ' + url +\n '\\n Installed build : ' + ver +\n '\\n Fixed build : ' + fixed_build + ' (Apple TV 7.0.3)' +\n '\\n';\n\n else\n audit(AUDIT_HOST_NOT, \"affected because it is running build \" + ver);\n }\n else\n {\n pat = \"<key>srcvers</key>\\s+<string>([0-9.]+)</string>\";\n matches = pregmatch(pattern:pat, string:res[2], icase:TRUE);\n if (!isnull(matches))\n {\n airplay_ver = matches[1];\n fixed_airplay_ver = \"211.3\";\n\n if (ver_compare(ver:airplay_ver, fix:fixed_airplay_ver, strict:FALSE) < 0)\n {\n report =\n '\\n URL : ' + url +\n '\\n Installed AirPlay version : ' + airplay_ver +\n '\\n Fixed AirPlay version : ' + fixed_airplay_ver +\n '\\n';\n }\n else\n audit(AUDIT_HOST_NOT, \"affected because it is running AirPlay \" + airplay_ver);\n }\n }\n }\n}\n\nif (isnull(report))\n{\n port = 3689;\n banner = get_http_banner(port:port, broken:TRUE, exit_on_fail:TRUE);\n if (\"DAAP-Server: iTunes/\" >!< banner && \"RIPT-Server: iTunesLib/\" >!< banner)\n audit(AUDIT_WRONG_WEB_SERVER, port, 'iTunes');\n\n pat = \"^DAAP-Server: iTunes/([0-9][0-9.]+)([a-z])([0-9]+) \\((Mac )?OS X\\)\";\n matches = egrep(pattern:pat, string:banner);\n\n if (\"DAAP-Server: iTunes/\" >< banner && !matches)\n audit(AUDIT_WRONG_WEB_SERVER, port, \"iTunes on an Apple TV\");\n\n pat2 = \"^RIPT-Server: iTunesLib/([0-9]+)\\.\";\n matches = egrep(pattern:pat2, string:banner);\n if (matches)\n {\n foreach line (split(matches, keep:FALSE))\n {\n match = eregmatch(pattern:pat2, string:line);\n if (!isnull(match))\n {\n major = int(match[1]);\n if (major <= 9)\n {\n report = '\\n Source : ' + line +\n '\\n';\n }\n break;\n }\n }\n }\n}\n\nif (!empty_or_null(report))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:report);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:23:25", "bulletinFamily": "scanner", "description": "The remote host is running a version of Mac OS X 10.8 or 10.9 that does not have Security Update 2015-001 applied. This update contains several security-related fixes for the following components :\n\n - AFP Server\n - Bluetooth\n - CoreGraphics\n - CoreSymbolication\n - FontParser\n - Foundation\n - Intel Graphics Driver\n - IOAcceleratorFamily\n - IOHIDFamily\n - Kernel\n - LaunchServices\n - libnetcore\n - LoginWindow\n - lukemftp\n - OpenSSL\n - Sandbox\n - SceneKit\n - Security\n - security_taskgate\n - Spotlight\n - sysmond\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "modified": "2018-07-14T00:00:00", "id": "MACOSX_SECUPD2015-001.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81088", "published": "2015-01-29T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2015-001) (POODLE)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81088);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2011-2391\",\n \"CVE-2014-3566\",\n \"CVE-2014-3567\",\n \"CVE-2014-3568\",\n \"CVE-2014-4426\",\n \"CVE-2014-4461\",\n \"CVE-2014-4481\",\n \"CVE-2014-4483\",\n \"CVE-2014-4484\",\n \"CVE-2014-4485\",\n \"CVE-2014-4486\",\n \"CVE-2014-4487\",\n \"CVE-2014-4488\",\n \"CVE-2014-4489\",\n \"CVE-2014-4491\",\n \"CVE-2014-4492\",\n \"CVE-2014-4495\",\n \"CVE-2014-4497\",\n \"CVE-2014-8517\",\n \"CVE-2014-8816\",\n \"CVE-2014-8817\",\n \"CVE-2014-8819\",\n \"CVE-2014-8820\",\n \"CVE-2014-8821\",\n \"CVE-2014-8822\",\n \"CVE-2014-8824\",\n \"CVE-2014-8826\",\n \"CVE-2014-8827\",\n \"CVE-2014-8828\",\n \"CVE-2014-8829\",\n \"CVE-2014-8830\",\n \"CVE-2014-8831\",\n \"CVE-2014-8832\",\n \"CVE-2014-8835\",\n \"CVE-2014-8838\"\n );\n script_bugtraq_id(\n 62531,\n 70574,\n 70585,\n 70586,\n 70623,\n 70792,\n 71136,\n 72327,\n 72328,\n 72341\n );\n script_xref(name:\"CERT\", value:\"577193\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-01-27-4\");\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2015-001) (POODLE)\");\n script_summary(english:\"Checks for the presence of Security Update 2015-001.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity issues.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.8 or 10.9 that\ndoes not have Security Update 2015-001 applied. This update contains\nseveral security-related fixes for the following components :\n\n - AFP Server\n - Bluetooth\n - CoreGraphics\n - CoreSymbolication\n - FontParser\n - Foundation\n - Intel Graphics Driver\n - IOAcceleratorFamily\n - IOHIDFamily\n - Kernel\n - LaunchServices\n - libnetcore\n - LoginWindow\n - lukemftp\n - OpenSSL\n - Sandbox\n - SceneKit\n - Security\n - security_taskgate\n - Spotlight\n - sysmond\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT204244\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/534559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Security Update 2015-001 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'tnftp \"savefile\" Arbitrary Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"Host/MacOSX/packages/boms\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\npatch = \"2015-001\";\n\n# Compare 2 patch numbers to determine if patch requirements are satisfied.\n# Return true if this patch or a later patch is applied\n# Return false otherwise\nfunction check_patch(year, number)\n{\n local_var p_split = split(patch, sep:\"-\");\n local_var p_year = int( p_split[0]);\n local_var p_num = int( p_split[1]);\n\n if (year > p_year) return TRUE;\n else if (year < p_year) return FALSE;\n else if (number >= p_num) return TRUE;\n else return FALSE;\n}\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\nif (!ereg(pattern:\"Mac OS X 10\\.[89]([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.8 / 10.9\");\nelse if (\"Mac OS X 10.8\" >< os && !ereg(pattern:\"Mac OS X 10\\.8($|\\.[0-5]([^0-9]|$))\", string:os)) exit(0, \"The remote host uses a version of Mac OS X Mountain Lion later than 10.8.5.\");\nelse if (\"Mac OS X 10.9\" >< os && !ereg(pattern:\"Mac OS X 10\\.9($|\\.[0-5]([^0-9]|$))\", string:os)) exit(0, \"The remote host uses a version of Mac OS X Mavericks later than 10.9.5.\");\n\npackages = get_kb_item_or_exit(\"Host/MacOSX/packages/boms\", exit_code:1);\nsec_boms_report = egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\..*bom$\", string:packages);\nsec_boms = split(sec_boms_report, sep:'\\n');\n\nforeach package (sec_boms)\n{\n # Grab patch year and number\n match = eregmatch(pattern:\"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]\", string:package);\n if (empty_or_null(match[1]) || empty_or_null(match[2]))\n continue;\n\n patch_found = check_patch(year:int(match[1]), number:int(match[2]));\n if (patch_found) exit(0, \"The host has Security Update \" + patch + \" or later installed and is therefore not affected.\");\n}\n\nreport = '\\n Missing security update : ' + patch;\nreport += '\\n Installed security BOMs : ';\nif (sec_boms_report) report += str_replace(find:'\\n', replace:'\\n ', string:sec_boms_report);\nelse report += 'n/a';\nreport += '\\n';\n\nsecurity_report_v4(port:0, severity:SECURITY_HOLE, extra:report);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:25:17", "bulletinFamily": "scanner", "description": "The version of Apple iTunes running on the remote host is prior to 12.2. It is, therefore, affected by multiple vulnerabilities due to memory corruption issues in the WebKit component. An attacker can exploit these to cause a denial of service or execute arbitrary code.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "modified": "2018-11-15T00:00:00", "id": "ITUNES_12_2_0_BANNER.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86600", "published": "2015-10-26T00:00:00", "title": "Apple iTunes < 12.2 Multiple Vulnerabilities (uncredentialed check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86600);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\n \"CVE-2014-3192\",\n \"CVE-2014-4452\",\n \"CVE-2014-4459\",\n \"CVE-2014-4466\",\n \"CVE-2014-4468\",\n \"CVE-2014-4469\",\n \"CVE-2014-4470\",\n \"CVE-2014-4471\",\n \"CVE-2014-4472\",\n \"CVE-2014-4473\",\n \"CVE-2014-4474\",\n \"CVE-2014-4475\",\n \"CVE-2014-4476\",\n \"CVE-2014-4477\",\n \"CVE-2014-4479\",\n \"CVE-2015-1068\",\n \"CVE-2015-1069\",\n \"CVE-2015-1070\",\n \"CVE-2015-1071\",\n \"CVE-2015-1072\",\n \"CVE-2015-1073\",\n \"CVE-2015-1074\",\n \"CVE-2015-1075\",\n \"CVE-2015-1076\",\n \"CVE-2015-1077\",\n \"CVE-2015-1078\",\n \"CVE-2015-1079\",\n \"CVE-2015-1080\",\n \"CVE-2015-1081\",\n \"CVE-2015-1082\",\n \"CVE-2015-1083\",\n \"CVE-2015-1119\",\n \"CVE-2015-1120\",\n \"CVE-2015-1121\",\n \"CVE-2015-1122\",\n \"CVE-2015-1124\",\n \"CVE-2015-1152\",\n \"CVE-2015-1153\",\n \"CVE-2015-1154\"\n );\n script_bugtraq_id(\n 70273,\n 71137,\n 71144,\n 71438,\n 71442,\n 71444,\n 71445,\n 71449,\n 71451,\n 71459,\n 71461,\n 71462,\n 72329,\n 72330,\n 72331,\n 73972,\n 74523,\n 74525,\n 74526\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-06-30-6\");\n\n script_name(english:\"Apple iTunes < 12.2 Multiple Vulnerabilities (uncredentialed check)\");\n script_summary(english:\"Checks the version of iTunes.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes running on the remote host is prior to\n12.2. It is, therefore, affected by multiple vulnerabilities due to\nmemory corruption issues in the WebKit component. An attacker can\nexploit these to cause a denial of service or execute arbitrary code.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT204949\");\n # https://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?103c0dda\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple version iTunes 12.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"itunes_sharing.nasl\");\n script_require_keys(\"iTunes/sharing\");\n script_require_ports(\"Services/www\", 3689);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);\n\nget_kb_item_or_exit(\"iTunes/\" + port + \"/enabled\");\n\ntype = get_kb_item_or_exit(\"iTunes/\" + port + \"/type\");\nsource = get_kb_item_or_exit(\"iTunes/\" + port + \"/source\");\nversion = get_kb_item_or_exit(\"iTunes/\" + port + \"/version\");\n\nif (type != 'Windows') audit(AUDIT_OS_NOT, \"Windows\");\n\nfixed_version = \"12.2.0.145\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + \n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"iTunes\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:24:27", "bulletinFamily": "scanner", "description": "The version of Apple iTunes installed on the remote Windows host is prior to 12.2. It is, therefore, affected by multiple vulnerabilities in the bundled version of WebKit, including denial of service and arbitrary code execution vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "modified": "2018-11-15T00:00:00", "id": "ITUNES_12_2_0.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=84504", "published": "2015-07-03T00:00:00", "title": "Apple iTunes < 12.2 Multiple Vulnerabilities (credentialed check)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84504);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\n \"CVE-2014-3192\",\n \"CVE-2014-4452\",\n \"CVE-2014-4459\",\n \"CVE-2014-4466\",\n \"CVE-2014-4468\",\n \"CVE-2014-4469\",\n \"CVE-2014-4470\",\n \"CVE-2014-4471\",\n \"CVE-2014-4472\",\n \"CVE-2014-4473\",\n \"CVE-2014-4474\",\n \"CVE-2014-4475\",\n \"CVE-2014-4476\",\n \"CVE-2014-4477\",\n \"CVE-2014-4479\",\n \"CVE-2015-1068\",\n \"CVE-2015-1069\",\n \"CVE-2015-1070\",\n \"CVE-2015-1071\",\n \"CVE-2015-1072\",\n \"CVE-2015-1073\",\n \"CVE-2015-1074\",\n \"CVE-2015-1075\",\n \"CVE-2015-1076\",\n \"CVE-2015-1077\",\n \"CVE-2015-1078\",\n \"CVE-2015-1079\",\n \"CVE-2015-1080\",\n \"CVE-2015-1081\",\n \"CVE-2015-1082\",\n \"CVE-2015-1083\",\n \"CVE-2015-1119\",\n \"CVE-2015-1120\",\n \"CVE-2015-1121\",\n \"CVE-2015-1122\",\n \"CVE-2015-1124\",\n \"CVE-2015-1152\",\n \"CVE-2015-1153\",\n \"CVE-2015-1154\"\n );\n script_bugtraq_id(\n 70273,\n 71137,\n 71144,\n 71438,\n 71442,\n 71444,\n 71445,\n 71449,\n 71451,\n 71459,\n 71461,\n 71462,\n 72329,\n 72330,\n 72331,\n 73972,\n 74523,\n 74525,\n 74526\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-06-30-6\");\n\n script_name(english:\"Apple iTunes < 12.2 Multiple Vulnerabilities (credentialed check)\");\n script_summary(english:\"Checks the version of iTunes on Windows.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains an application that is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple iTunes installed on the remote Windows host is\nprior to 12.2. It is, therefore, affected by multiple vulnerabilities\nin the bundled version of WebKit, including denial of service and\narbitrary code execution vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT204949\");\n # https://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?103c0dda\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple iTunes 12.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:itunes\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"itunes_detect.nasl\");\n script_require_keys(\"installed_sw/iTunes Version\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\n# Ensure this is Windows\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\n\napp_id = 'iTunes Version';\ninstall = get_single_install(app_name:app_id, exit_if_unknown_ver:TRUE);\n\nversion = install[\"version\"];\npath = install[\"path\"];\n\nfixed_version = \"12.2.0.145\";\nif (ver_compare(ver:version, fix:fixed_version) < 0)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"iTunes\", version, path);\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:23:25", "bulletinFamily": "scanner", "description": "The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.2. This update contains several security-related fixes for the following components :\n\n - bash\n - Bluetooth\n - CFNetwork Cache\n - CommerceKit Framework\n - CoreGraphics\n - CoreSymbolication\n - CPU Software\n - FontParser\n - Foundation\n - Intel Graphics Driver\n - IOAcceleratorFamily\n - IOHIDFamily\n - IOKit\n - IOUSBFamily\n - Kernel\n - LaunchServices\n - libnetcore\n - LoginWindow\n - lukemftp\n - OpenSSL\n - Safari\n - SceneKit\n - Security\n - security_taskgate\n - Spotlight\n - SpotlightIndex\n - sysmond\n - UserAccountUpdater\n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "modified": "2018-07-14T00:00:00", "id": "MACOSX_10_10_2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81087", "published": "2015-01-29T00:00:00", "title": "Mac OS X 10.10.x < 10.10.2 Multiple Vulnerabilities (POODLE)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81087);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2014-1595\",\n \"CVE-2014-3192\",\n \"CVE-2014-3566\",\n \"CVE-2014-3567\",\n \"CVE-2014-3568\",\n \"CVE-2014-4371\",\n \"CVE-2014-4389\",\n \"CVE-2014-4419\",\n \"CVE-2014-4420\",\n \"CVE-2014-4421\",\n \"CVE-2014-4460\",\n \"CVE-2014-4461\",\n \"CVE-2014-4476\",\n \"CVE-2014-4477\",\n \"CVE-2014-4479\",\n \"CVE-2014-4481\",\n \"CVE-2014-4483\",\n \"CVE-2014-4484\",\n \"CVE-2014-4485\",\n \"CVE-2014-4486\",\n \"CVE-2014-4487\",\n \"CVE-2014-4488\",\n \"CVE-2014-4489\",\n \"CVE-2014-4491\",\n \"CVE-2014-4492\",\n \"CVE-2014-4495\",\n \"CVE-2014-4498\",\n \"CVE-2014-4499\",\n \"CVE-2014-6277\",\n \"CVE-2014-7186\",\n \"CVE-2014-7187\",\n \"CVE-2014-8517\",\n \"CVE-2014-8817\",\n \"CVE-2014-8819\",\n \"CVE-2014-8820\",\n \"CVE-2014-8821\",\n \"CVE-2014-8822\",\n \"CVE-2014-8823\",\n \"CVE-2014-8824\",\n \"CVE-2014-8825\",\n \"CVE-2014-8826\",\n \"CVE-2014-8827\",\n \"CVE-2014-8830\",\n \"CVE-2014-8831\",\n \"CVE-2014-8832\",\n \"CVE-2014-8833\",\n \"CVE-2014-8834\",\n \"CVE-2014-8835\",\n \"CVE-2014-8836\",\n \"CVE-2014-8837\",\n \"CVE-2014-8838\",\n \"CVE-2014-8839\"\n );\n script_bugtraq_id(\n 69919,\n 69924,\n 69927,\n 69928,\n 69950,\n 70152,\n 70154,\n 70165,\n 70273,\n 70574,\n 70585,\n 70586,\n 70792,\n 71135,\n 71136,\n 71394,\n 72327,\n 72328,\n 72329,\n 72330,\n 72331,\n 72341\n );\n script_xref(name:\"CERT\", value:\"577193\");\n script_xref(name:\"IAVA\", value:\"2014-A-0142\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-01-27-4\");\n\n script_name(english:\"Mac OS X 10.10.x < 10.10.2 Multiple Vulnerabilities (POODLE)\");\n script_summary(english:\"Checks the version of Mac OS X.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.10.x that is prior\nto version 10.10.2. This update contains several security-related\nfixes for the following components :\n\n - bash\n - Bluetooth\n - CFNetwork Cache\n - CommerceKit Framework\n - CoreGraphics\n - CoreSymbolication\n - CPU Software\n - FontParser\n - Foundation\n - Intel Graphics Driver\n - IOAcceleratorFamily\n - IOHIDFamily\n - IOKit\n - IOUSBFamily\n - Kernel\n - LaunchServices\n - libnetcore\n - LoginWindow\n - lukemftp\n - OpenSSL\n - Safari\n - SceneKit\n - Security\n - security_taskgate\n - Spotlight\n - SpotlightIndex\n - sysmond\n - UserAccountUpdater\n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/en-us/HT204244\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/534559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.imperialviolet.org/2014/10/14/poodle.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssl.org/~bodo/ssl-poodle.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Mac OS X 10.10.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'tnftp \"savefile\" Arbitrary Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nmatch = eregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (isnull(match)) exit(1, \"Failed to parse the Mac OS X version ('\" + os + \"').\");\n\nversion = match[1];\nif (!ereg(pattern:\"^10\\.10([^0-9]|$)\", string:version)) audit(AUDIT_OS_NOT, \"Mac OS X 10.10\", \"Mac OS X \"+version);\n\nfixed_version = \"10.10.2\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected as it is running Mac OS X \"+version+\".\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2019-02-19T17:02:57", "bulletinFamily": "info", "description": "### *Detect date*:\n06/30/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple memory corruption vulnerabilities were found in Apple iTunes. By exploiting these vulnerabilities malicious users can cause denial of service or execute arbitrary code. These vulnerabilities can be exploited remotely via a man-in-the-middle attack at vectors related to iTunes Store browsing.\n\n### *Affected products*:\nApple iTunes versions earlier than 12.2\n\n### *Solution*:\nUpdate to the latest version \n[Get Apple iTunes](<http://www.apple.com/itunes/download/>)\n\n### *Original advisories*:\n[Apple advisory](<https://support.apple.com/en-us/HT204949>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Apple iTunes](<https://threats.kaspersky.com/en/product/Apple-iTunes/>)\n\n### *CVE-IDS*:\n[CVE-2015-1083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083>) \n[CVE-2015-1082](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1082>) \n[CVE-2015-1070](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1070>) \n[CVE-2015-1079](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1079>) \n[CVE-2015-1078](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1078>) \n[CVE-2015-1081](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081>) \n[CVE-2015-1080](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1080>) \n[CVE-2015-1077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1077>) \n[CVE-2015-1076](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076>) \n[CVE-2015-1075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1075>) \n[CVE-2015-1074](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1074>) \n[CVE-2015-1071](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071>) \n[CVE-2015-1072](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1072>) \n[CVE-2015-1069](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1069>) \n[CVE-2015-1068](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1068>) \n[CVE-2015-1073](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1073>) \n[CVE-2014-4476](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4476>) \n[CVE-2014-4477](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4477>) \n[CVE-2014-4474](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4474>) \n[CVE-2014-4475](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4475>) \n[CVE-2014-4472](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4472>) \n[CVE-2014-4473](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4473>) \n[CVE-2014-4470](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4470>) \n[CVE-2014-4471](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4471>) \n[CVE-2014-4479](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4479>) \n[CVE-2014-4459](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4459>) \n[CVE-2015-1119](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1119>) \n[CVE-2014-4466](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4466>) \n[CVE-2015-1122](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122>) \n[CVE-2015-1121](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1121>) \n[CVE-2015-1120](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120>) \n[CVE-2015-1124](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1124>) \n[CVE-2014-3192](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3192>) \n[CVE-2014-4468](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4468>) \n[CVE-2014-4469](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4469>) \n[CVE-2014-4452](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4452>) \n[CVE-2015-1152](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1152>) \n[CVE-2015-1154](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1154>) \n[CVE-2015-1153](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153>)", "modified": "2019-02-15T00:00:00", "published": "2015-06-30T00:00:00", "id": "KLA10620", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10620", "title": "\r KLA10620Multiple vulnerabilities in Apple iTunes ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
