WebKit Vulnerability in Apple iTunes Enables Code Execution Risks
CVE-2012-0648

Currently unrated

Key Information:

Vendor: Apple
Status: Itunes; Webkit
Vendor: CVE Published:; 8 March 2012

Summary

The vulnerability in WebKit, utilized in Apple iTunes prior to version 10.6, enables potential man-in-the-middle attackers to exploit specific weaknesses during the browsing of iTunes Store. This exploitation can lead to arbitrary code execution or denial of service, resulting in application crashes and memory corruption. Remediation involves updating to the latest version of iTunes to mitigate these risks.

References

http://www.securityfocus.com/bid/52363

vdb-entryx_refsource_BID

http://secunia.com/advisories/48377

third-party-advisoryx_refsource_SECUNIA

http://lists.apple.com/archives/security-announce/2012/Ma...

vendor-advisoryx_refsource_APPLE

Timeline

Vulnerability published
Mar 8, 2012
Vulnerability Reserved
Jan 12, 2012