Arbitrary Code Execution and Denial of Service Vulnerability in iTunes by Apple
CVE-2012-0638

Currently unrated

Key Information:

Vendor
Apple
Status
Itunes
Webkit
Vendor
CVE Published:
8 March 2012

Summary

A vulnerability in WebKit utilized by Apple's iTunes prior to version 10.6 enables man-in-the-middle attackers to execute arbitrary code or trigger a denial of service. This flaw specifically pertains to the browsing of the iTunes Store, leaving users susceptible to potential security risks if they interact with compromised connections. Addressing this vulnerability is crucial to ensure a secure user experience while accessing iTunes features.

References

http://www.securityfocus.com/bid/52363
vdb-entryx_refsource_BID
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
http://secunia.com/advisories/48377
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.