var-201309-0050
Vulnerability from variot
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. Apple iOS Used in etc. WebKit is prone to an unspecified memory-corruption vulnerability. An attacker may exploit this issue by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. Note: This issue was previously discussed in BID 62490 (WebKit Multiple Unspecified Memory Corruption Vulnerabilities), but has been moved to its own record for better documentation. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-01-22-1 iTunes 11.1.4
iTunes 11.1.4 is now available and addresses the following:
iTunes Available for: Mac OS X v10.6.8 or later, Windows 8, Windows 7, Vista, XP SP2 or later Impact: An attacker with a privileged network position may control the contents of the iTunes Tutorials window Description: The contents of the iTunes Tutorials window are retrieved from the network using an unprotected HTTP connection. An attacker with a privileged network position may inject arbitrary contents. This issue was addressed by using an encrypted HTTPS connection to retrieve tutorials. CVE-ID CVE-2014-1242 : Apple
iTunes Available for: Windows 8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access issue existed in the handling of text tracks. This issue was addressed by additional validation of text tracks. CVE-ID CVE-2013-1024 : Richard Kuo and Billy Suguitan of Triemt Corporation
iTunes Available for: Windows 8, Windows 7, Vista, XP SP2 or later Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code executionn Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-1037 : Google Chrome Security Team CVE-2013-1038 : Google Chrome Security Team CVE-2013-1039 : own-hero Research working with iDefense VCP CVE-2013-1040 : Google Chrome Security Team CVE-2013-1041 : Google Chrome Security Team CVE-2013-1042 : Google Chrome Security Team CVE-2013-1043 : Google Chrome Security Team CVE-2013-1044 : Apple CVE-2013-1045 : Google Chrome Security Team CVE-2013-1046 : Google Chrome Security Team CVE-2013-1047 : miaubiz CVE-2013-2842 : Cyril Cattiaux CVE-2013-5125 : Google Chrome Security Team CVE-2013-5126 : Apple CVE-2013-5127 : Google Chrome Security Team CVE-2013-5128 : Apple
libxml Available for: Windows 8, Windows 7, Vista, XP SP2 or later Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code executionn Description: Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0. CVE-ID CVE-2011-3102 : Juri Aedla CVE-2012-0841 CVE-2012-2807 : Juri Aedla CVE-2012-5134 : Google Chrome Security Team (Juri Aedla)
libxslt Available for: Windows 8, Windows 7, Vista, XP SP2 or later Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code executionn Description: Multiple memory corruption issues existed in libxslt. These issues were addressed by updating libxslt to version 1.1.28. CVE-ID CVE-2012-2825 : Nicolas Gregoire CVE-2012-2870 : Nicolas Gregoire CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas Gregoire
iTunes 11.1.4 may be obtained from: http://www.apple.com/itunes/download/
For OS X: The download file is named: iTunes11.1.4.dmg Its SHA-1 digest is: ffde4658def154edfa479696e40588e9252e7276
For Windows XP / Vista / Windows 7 / Windows 8: The download file is named: "iTunesSetup.exe" Its SHA-1 digest is: 3701f3e7f7c44bad05631533f2ab52e08ae0ba1f
For 64-bit Windows XP / Vista / Windows 7 / Windows 8: The download file is named: "iTunes64Setup.exe" Its SHA-1 digest is: fd9caee83907b9f6aa01d031f63fa9ed9be2bfab
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJS4DtWAAoJEPefwLHPlZEwEyIQAJ4B3eB18xKixTw39CTkiIf2 dQlDo2gk8ghBHTS4ZQU74OuGyEall3AgXqz/ENrrapgTT9Ej+OVtcofZIOM7IuFC svag6TSYEkvNLbQMfhVOYvEbwc1Is56tu9huWgYpGpPrZYF0LfNyUYUd3DuWQ2de 1P2vfeowCxd9Orp2aw5w48gJkCFHcxtKpY7QSenn9ZEVKo7KM9ejwQqLWwdwwK45 koP3ovYJa61eLjth61+f85H2xkb6zB6zM5qGPwxNRknPdttabl+NNxiR93jvAoMr 8OUSMErSjxUN9HSBd+ZXtCCmK+NmYnYJk1HtIq11p4OZk8XvNVzzh3JtePAXoRjj 6xQsoC0EjxzV7aYPaje2aiY3XfuT4gLX1NI+ZnTNfy6Y3BMZ8FId1XnBESyevMXw AowaQk6FNiz3qHNTSaJCmjMtVScu2m9OKANGexadETw2/NFMRsfHdDEf7bN8Lj85 MbPhgFW6qMKjJ15g0NW1gvvZjbJCcL6Y2LdjabWFeIJLV7gXE3lviIwMwFfQqBqN B+w6o6PQPrGxSzSGzjIf/76qLYJjL7zenGERCHJiOH54LMITZn8db3lECY1CMUXw lsKk4W7IeI2u43hxaYaYfSpdjF14U2CrRJSFHcyFe2oPxU26hxCax3AyHLxncPoX eWabnIgZ1wYWZB0y8x5K =pK6I -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201309-0050",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "4.3.5"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.1.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.1.3"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.1.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.1.3"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.1.5"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.2.5"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.0.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "safari",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.1.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.1.3"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.3.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.1.4"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "itunes",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "11.1.3"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.4"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.2.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.1.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.0.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.2.8"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.1.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.5"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "tv",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.0 (apple tv first 2 after generation )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7 (ipad 2 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7 (iphone 4 or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7 (ipod touch first 5 after generation )"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1.4 (windows 7)"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1.4 (windows 8)"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1.4 (windows vista)"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1.4 (windows xp sp2 or later )"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.1 (apple mac os x server v10.7.5)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.1 (apple mac os x v10.7.5)"
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "6.1 (apple mac os x v10.8.3)"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.6,
"vendor": "webkit",
"version": "1.2.5"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.6,
"vendor": "webkit",
"version": "1.2.3"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.6,
"vendor": "webkit",
"version": "1.2.2"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.6,
"vendor": "webkit",
"version": "2"
},
{
"model": "open source project webkit",
"scope": "eq",
"trust": 0.6,
"vendor": "webkit",
"version": "1.2.2-1"
},
{
"model": "ipod touch",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "0"
},
{
"model": "iphone",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "0"
},
{
"model": "ipad",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.1.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "11.1.3"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
}
],
"sources": [
{
"db": "BID",
"id": "62565"
},
{
"db": "BID",
"id": "62490"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004217"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-311"
},
{
"db": "NVD",
"id": "CVE-2013-1038"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:apple_tv",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:itunes",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:safari",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004217"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Google Chrome Security Team",
"sources": [
{
"db": "BID",
"id": "62565"
}
],
"trust": 0.3
},
"cve": "CVE-2013-1038",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2013-1038",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-61040",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-1038",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-1038",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201309-311",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-61040",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61040"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004217"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-311"
},
{
"db": "NVD",
"id": "CVE-2013-1038"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. Apple iOS Used in etc. WebKit is prone to an unspecified memory-corruption vulnerability. \nAn attacker may exploit this issue by enticing victims into viewing a malicious webpage. \nSuccessful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. \nNote: This issue was previously discussed in BID 62490 (WebKit Multiple Unspecified Memory Corruption Vulnerabilities), but has been moved to its own record for better documentation. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-01-22-1 iTunes 11.1.4\n\niTunes 11.1.4 is now available and addresses the following:\n\niTunes\nAvailable for: Mac OS X v10.6.8 or later, Windows 8, Windows 7,\nVista, XP SP2 or later\nImpact: An attacker with a privileged network position may control\nthe contents of the iTunes Tutorials window\nDescription: The contents of the iTunes Tutorials window are\nretrieved from the network using an unprotected HTTP connection. An\nattacker with a privileged network position may inject arbitrary\ncontents. This issue was addressed by using an encrypted HTTPS\nconnection to retrieve tutorials. \nCVE-ID\nCVE-2014-1242 : Apple\n\niTunes\nAvailable for: Windows 8, Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An uninitialized memory access issue existed in the\nhandling of text tracks. This issue was addressed by additional\nvalidation of text tracks. \nCVE-ID\nCVE-2013-1024 : Richard Kuo and Billy Suguitan of Triemt Corporation\n\niTunes\nAvailable for: Windows 8, Windows 7, Vista, XP SP2 or later\nImpact: A man-in-the-middle attack while browsing the iTunes Store\nvia iTunes may lead to an unexpected application termination or\narbitrary code executionn\nDescription: Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2013-1037 : Google Chrome Security Team\nCVE-2013-1038 : Google Chrome Security Team\nCVE-2013-1039 : own-hero Research working with iDefense VCP\nCVE-2013-1040 : Google Chrome Security Team\nCVE-2013-1041 : Google Chrome Security Team\nCVE-2013-1042 : Google Chrome Security Team\nCVE-2013-1043 : Google Chrome Security Team\nCVE-2013-1044 : Apple\nCVE-2013-1045 : Google Chrome Security Team\nCVE-2013-1046 : Google Chrome Security Team\nCVE-2013-1047 : miaubiz\nCVE-2013-2842 : Cyril Cattiaux\nCVE-2013-5125 : Google Chrome Security Team\nCVE-2013-5126 : Apple\nCVE-2013-5127 : Google Chrome Security Team\nCVE-2013-5128 : Apple\n\nlibxml\nAvailable for: Windows 8, Windows 7, Vista, XP SP2 or later\nImpact: A man-in-the-middle attack while browsing the iTunes Store\nvia iTunes may lead to an unexpected application termination or\narbitrary code executionn\nDescription: Multiple memory corruption issues existed in libxml. \nThese issues were addressed by updating libxml to version 2.9.0. \nCVE-ID\nCVE-2011-3102 : Juri Aedla\nCVE-2012-0841\nCVE-2012-2807 : Juri Aedla\nCVE-2012-5134 : Google Chrome Security Team (Juri Aedla)\n\nlibxslt\nAvailable for: Windows 8, Windows 7, Vista, XP SP2 or later\nImpact: A man-in-the-middle attack while browsing the iTunes Store\nvia iTunes may lead to an unexpected application termination or\narbitrary code executionn\nDescription: Multiple memory corruption issues existed in libxslt. \nThese issues were addressed by updating libxslt to version 1.1.28. \nCVE-ID\nCVE-2012-2825 : Nicolas Gregoire\nCVE-2012-2870 : Nicolas Gregoire\nCVE-2012-2871 : Kai Lu of Fortinet\u0027s FortiGuard Labs, Nicolas\nGregoire\n\n\niTunes 11.1.4 may be obtained from:\nhttp://www.apple.com/itunes/download/\n\nFor OS X:\nThe download file is named: iTunes11.1.4.dmg\nIts SHA-1 digest is: ffde4658def154edfa479696e40588e9252e7276\n\nFor Windows XP / Vista / Windows 7 / Windows 8:\nThe download file is named: \"iTunesSetup.exe\"\nIts SHA-1 digest is: 3701f3e7f7c44bad05631533f2ab52e08ae0ba1f\n\nFor 64-bit Windows XP / Vista / Windows 7 / Windows 8:\nThe download file is named: \"iTunes64Setup.exe\"\nIts SHA-1 digest is: fd9caee83907b9f6aa01d031f63fa9ed9be2bfab\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJS4DtWAAoJEPefwLHPlZEwEyIQAJ4B3eB18xKixTw39CTkiIf2\ndQlDo2gk8ghBHTS4ZQU74OuGyEall3AgXqz/ENrrapgTT9Ej+OVtcofZIOM7IuFC\nsvag6TSYEkvNLbQMfhVOYvEbwc1Is56tu9huWgYpGpPrZYF0LfNyUYUd3DuWQ2de\n1P2vfeowCxd9Orp2aw5w48gJkCFHcxtKpY7QSenn9ZEVKo7KM9ejwQqLWwdwwK45\nkoP3ovYJa61eLjth61+f85H2xkb6zB6zM5qGPwxNRknPdttabl+NNxiR93jvAoMr\n8OUSMErSjxUN9HSBd+ZXtCCmK+NmYnYJk1HtIq11p4OZk8XvNVzzh3JtePAXoRjj\n6xQsoC0EjxzV7aYPaje2aiY3XfuT4gLX1NI+ZnTNfy6Y3BMZ8FId1XnBESyevMXw\nAowaQk6FNiz3qHNTSaJCmjMtVScu2m9OKANGexadETw2/NFMRsfHdDEf7bN8Lj85\nMbPhgFW6qMKjJ15g0NW1gvvZjbJCcL6Y2LdjabWFeIJLV7gXE3lviIwMwFfQqBqN\nB+w6o6PQPrGxSzSGzjIf/76qLYJjL7zenGERCHJiOH54LMITZn8db3lECY1CMUXw\nlsKk4W7IeI2u43hxaYaYfSpdjF14U2CrRJSFHcyFe2oPxU26hxCax3AyHLxncPoX\neWabnIgZ1wYWZB0y8x5K\n=pK6I\n-----END PGP SIGNATURE-----\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-1038"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004217"
},
{
"db": "BID",
"id": "62565"
},
{
"db": "BID",
"id": "62490"
},
{
"db": "VULHUB",
"id": "VHN-61040"
},
{
"db": "PACKETSTORM",
"id": "124932"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-1038",
"trust": 3.2
},
{
"db": "SECTRACK",
"id": "1029054",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "54886",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU98681940",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95174988",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU94321146",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004217",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201309-311",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2013-09-18-2",
"trust": 0.6
},
{
"db": "BID",
"id": "62565",
"trust": 0.4
},
{
"db": "BID",
"id": "62490",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-61040",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124932",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61040"
},
{
"db": "BID",
"id": "62565"
},
{
"db": "BID",
"id": "62490"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004217"
},
{
"db": "PACKETSTORM",
"id": "124932"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-311"
},
{
"db": "NVD",
"id": "CVE-2013-1038"
}
]
},
"id": "VAR-201309-0050",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-61040"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T13:17:45.749000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2013-10-22-8",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
},
{
"title": "APPLE-SA-2013-10-22-2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html"
},
{
"title": "APPLE-SA-2013-09-18-2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
},
{
"title": "HT6000",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6000"
},
{
"title": "HT6001",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6001"
},
{
"title": "HT5934",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5934"
},
{
"title": "HT5935",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5935"
},
{
"title": "HT5934",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5934?viewlocale=ja_JP"
},
{
"title": "HT5935",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5935?viewlocale=ja_JP"
},
{
"title": "HT6000",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6000?viewlocale=ja_JP"
},
{
"title": "HT6001",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6001?viewlocale=ja_JP"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004217"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61040"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004217"
},
{
"db": "NVD",
"id": "CVE-2013-1038"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2013/sep/msg00006.html"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht5934"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2013/oct/msg00003.html"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2013/oct/msg00009.html"
},
{
"trust": 1.1,
"url": "http://support.apple.com/kb/ht6001"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1029054"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/54886"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1038"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu98681940/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu95174988/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94321146/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1038"
},
{
"trust": 0.6,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.6,
"url": "http://www.apple.com/ipad/"
},
{
"trust": 0.6,
"url": "http://www.apple.com/iphone/"
},
{
"trust": 0.6,
"url": "http://www.apple.com/ipodtouch/"
},
{
"trust": 0.6,
"url": "http://www.webkit.org/"
},
{
"trust": 0.3,
"url": "http://www.apple.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1039"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1045"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1043"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1041"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1038"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1044"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2807"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1046"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2871"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2870"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1047"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5127"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1242"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1037"
},
{
"trust": 0.1,
"url": "http://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3102"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61040"
},
{
"db": "BID",
"id": "62565"
},
{
"db": "BID",
"id": "62490"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004217"
},
{
"db": "PACKETSTORM",
"id": "124932"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-311"
},
{
"db": "NVD",
"id": "CVE-2013-1038"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-61040"
},
{
"db": "BID",
"id": "62565"
},
{
"db": "BID",
"id": "62490"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004217"
},
{
"db": "PACKETSTORM",
"id": "124932"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-311"
},
{
"db": "NVD",
"id": "CVE-2013-1038"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-61040"
},
{
"date": "2013-09-18T00:00:00",
"db": "BID",
"id": "62565"
},
{
"date": "2013-09-18T00:00:00",
"db": "BID",
"id": "62490"
},
{
"date": "2013-09-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004217"
},
{
"date": "2014-01-24T01:33:33",
"db": "PACKETSTORM",
"id": "124932"
},
{
"date": "2013-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-311"
},
{
"date": "2013-09-19T10:27:55.787000",
"db": "NVD",
"id": "CVE-2013-1038"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-18T00:00:00",
"db": "VULHUB",
"id": "VHN-61040"
},
{
"date": "2014-01-24T00:42:00",
"db": "BID",
"id": "62565"
},
{
"date": "2015-03-19T09:18:00",
"db": "BID",
"id": "62490"
},
{
"date": "2014-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004217"
},
{
"date": "2013-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-311"
},
{
"date": "2016-11-18T20:01:00.530000",
"db": "NVD",
"id": "CVE-2013-1038"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "62565"
},
{
"db": "BID",
"id": "62490"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iOS Used in etc. WebKit Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004217"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "62565"
},
{
"db": "BID",
"id": "62490"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…