Computer Security
[EN] securityvulns.ru no-pyccku


Apple iTunes insecure updates
Published:16.11.2011
Source:
SecurityVulns ID:12036
Type:m-i-t-m
Threat Level:
4/10
Description:Software updtes were checked insecurely.
Affected:APPLE : iTunes 10.5
CVE:CVE-2008-3434 (Apple iTunes before 6.0.5.20 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.)
Original documentdocumentAPPLE, APPLE-SA-2011-11-14-1 iTunes 10.5.1 (16.11.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod