Apple iTunes insecure updates
news
/
advisories
/
forum
/
software
/
advertising
/
search
/
exploits
[EN]
securityvulns.ru
no-pyccku
Apple iTunes insecure updates
Published:
16.11.2011
Source:
BUGTRAQ
SecurityVulns ID:
12036
Type:
m-i-t-m
Level:
4
/10
Description:
Software updtes were checked insecurely.
Affected:
APPLE
:
iTunes 10.5
CVE:
CVE-2008-3434
(Apple iTunes before 6.0.5.20 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.)
Original document
APPLE
,
APPLE-SA-2011-11-14-1 iTunes 10.5.1
(
16.11.2011
)
Discuss:
Read or add your comments to this news (0 comments)
About
|
Terms of use
|
Privacy Policy
©
SecurityVulns
,
3APA3A
, Vladimir Dubrovin
Nizhny Novgorod
Enter your search terms
Web
securityvulns.com
Submit search form
