Man-in-the-Middle Vulnerability in Apple iTunes
CVE-2012-0636

Currently unrated

Key Information:

Vendor: Apple
Status: Itunes; Webkit
Vendor: CVE Published:; 8 March 2012

Summary

A vulnerability exists in Apple iTunes versions prior to 10.6, where the WebKit rendering engine can allow man-in-the-middle attackers to execute arbitrary code or trigger a denial of service. This occurs through specific vectors during browsing in the iTunes Store, potentially leading to memory corruption and application crashes.

References

http://www.securityfocus.com/bid/52363

vdb-entryx_refsource_BID

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://secunia.com/advisories/48377

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Mar 8, 2012
Vulnerability Reserved
Jan 12, 2012