Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:23205
HistoryNov 16, 2011 - 12:00 a.m.

Apple iTunes 10.x软件更新伪造漏洞

2011-11-1600:00:00
Root
www.seebug.org
6

0.002 Low

EPSS

Percentile

60.5%

JSON

CVE ID:CVE-2008-3434

Apple iTunes是一款用于Mac和PC的一款免费应用程序。它可以播放你的全部音乐和视频内容。
Apple iTunes存在一个安全漏洞,允许恶意用户进行伪造攻击。
使用HTTP请求检查新的更新时软件升级机制存在缺陷,攻击者可以利用漏洞通过中间人攻击伪造更新。
要成功利用漏洞需要目标系统没有安装Apple Software Update。

Apple iTunes 10.x
厂商解决方案

Apple iTunes 10.5.1已经修复此漏洞,建议用户下载使用:
http://www.apple.com

Related

nessus 3
securityvulns 2
openvas 4
cve 1
prion 1
nessus
nessus
iTunes < 10.5.1 Update Authenticity Verification Weakness (Mac OS X)
2011-11-18 00:00:00
Apple iTunes < 10.5.1 Update Authenticity Verification Weakness (credentialed check)
2011-11-18 00:00:00
Apple iTunes < 10.5.1 Update Authenticity Verification Weakness (uncredentialed check)
2011-11-18 00:00:00
securityvulns
securityvulns
APPLE-SA-2011-11-14-1 iTunes 10.5.1
2011-11-16 00:00:00
Apple iTunes insecure updates
2011-11-16 00:00:00
openvas
openvas
Apple iTunes Remote Code Execution Vulnerability (Windows)
2011-11-28 00:00:00
Apple iTunes Remote Code Execution Vulnerability - Windows
2011-11-28 00:00:00
Apple iTunes Remote Code Execution Vulnerability - Mac OS X
2011-11-28 00:00:00
cve
cve
CVE-2008-3434
2008-08-01 14:41:00
prion
prion
Design/Logic Flaw
2008-08-01 14:41:00

0.002 Low

EPSS

Percentile

60.5%

JSON
Related for SSV:23205
nessus3securityvulns2openvas4cve1prion1