WebKit Vulnerability in Apple iTunes Allows Arbitrary Code Execution
CVE-2012-0637

Currently unrated

Key Information:

Vendor: Apple
Status: Itunes; Webkit
Vendor: CVE Published:; 8 March 2012

Summary

A vulnerability exists in WebKit, utilized in Apple iTunes prior to version 10.6, which can be exploited by man-in-the-middle attackers. This exploit allows for arbitrary code execution or may lead to a denial of service situation, causing memory corruption and application crashes, specifically during iTunes Store browsing sessions.

References

http://www.securityfocus.com/bid/52363

vdb-entryx_refsource_BID

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://secunia.com/advisories/48377

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Mar 8, 2012
Vulnerability Reserved
Jan 12, 2012