iTunes Vulnerability in WebKit Allows Code Execution
CVE-2011-2866

Currently unrated

Key Information:

Vendor: Apple
Status: Itunes; Webkit
Vendor: CVE Published:; 8 March 2012

Summary

A vulnerability in WebKit, as deployed in Apple's iTunes prior to version 10.6, exposes systems to man-in-the-middle attacks that can lead to arbitrary code execution. This flaw also presents risks of memory corruption and potential application crashes when users browse the iTunes Store. This issue is distinct from other vulnerabilities identified in Apple's security advisories, highlighting the need for vigilance and timely updates to prevent exploitation.

References

http://www.securityfocus.com/bid/52363

vdb-entryx_refsource_BID

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://secunia.com/advisories/48377

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Mar 8, 2012
Vulnerability Reserved
Jul 20, 2011