Apple iTunes Man In The Middle Remote Code Execution Vulnerability
BID:50672
Info
Apple iTunes Man In The Middle Remote Code Execution Vulnerability
| Bugtraq ID: | 50672 |
| Class: | Design Error |
| CVE: |
CVE-2008-3434 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 28 2008 12:00AM |
| Updated: | Mar 19 2015 08:21AM |
| Credit: | Francisco Amato of Infobyte Security Research |
| Vulnerable: |
eSignal eSignal 6.0.2 Apple iTunes 9.2.1 Apple iTunes 9.0.2 Apple iTunes 9.0.1 .8 Apple iTunes 9.0.1 Apple iTunes 9.0 Apple iTunes 7.3.2 Apple iTunes 7.3.1 Apple iTunes 7.3 Apple iTunes 7.0.2 Apple iTunes 6.0.5 Apple iTunes 6.0.4 Apple iTunes 6.0.3 Apple iTunes 6.0.1 Apple iTunes 6.0 Apple iTunes 9.2 Apple iTunes 9.1 Apple iTunes 8.2 Apple iTunes 8.1 Apple iTunes 8.0.2.20 Apple iTunes 8.0 Apple iTunes 7.4 Apple iTunes 10.5 Apple iTunes 10.2.2 Apple iTunes 10.2 Apple iTunes 10.1 |
| Not Vulnerable: |
Apple iTunes 10.5.1 |
Discussion
Apple iTunes Man In The Middle Remote Code Execution Vulnerability
Apple iTunes is prone to a remote code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Successful exploits will compromise the affected application and possibly the underlying computer.
Apple iTunes is prone to a remote code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Successful exploits will compromise the affected application and possibly the underlying computer.
Exploit / POC
Apple iTunes Man In The Middle Remote Code Execution Vulnerability
An attacker can exploit this issue through a man-in-the-middle attack.
An attacker can exploit this issue through a man-in-the-middle attack.
Solution / Fix
Apple iTunes Man In The Middle Remote Code Execution Vulnerability
Solution:
Vendor updates are available. Please see the references for more information.
Solution:
Vendor updates are available. Please see the references for more information.
References
Apple iTunes Man In The Middle Remote Code Execution Vulnerability
References:
References:
- Apple Homepage (Apple)
- Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update imp (Infobyte Security Research)