Followers

Wednesday, 20 July 2016

Apple iTunes < 12.4.2 Multiple Vulnerabilities (uncredentialed check)

Source: www.nessus.org --- Tuesday, July 19, 2016
Synopsis : The remote host is running an application that is affected by multiple vulnerabilities. Description : The version of Apple iTunes running on the remote Windows host is prior to 12.4.2. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist in the libxslt component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1684, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612) - Multiple memory corruption issues exist in the libxml2 component that allow a remote attacker to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1836, CVE-2016-4447, CVE-2016-4448, CVE-2016-4483, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619) - An XXE (Xml eXternal Entity) injection vulnerability exists in the libxml2 component due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. A remote attacker can exploit this, via a specially crafted XML file, to disclose arbitrary files and user information. (CVE-2016-4449) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. See also : https://support.Apple.com/en-us/HT206901 http://ift.tt/29Tv0Oi Solution : Upgrade to Apple iTunes ...



from Apple http://ift.tt/29TuAYd

No comments:

Post a Comment