Computer Security


iTunes security vulnerabilities
Published: 29.05.2014
Source:
SecurityVulns ID: 13794
Type: local
Threat Level: 5/10
Description: Invalid HTTP headers processing, weak permissions.
Affected: APPLE : iTunes 11.2
CVE: CVE-2014-1347 (Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations.)
 CVE-2014-1296 (CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction.)
Original document: APPLE, APPLE-SA-2014-05-16-1 iTunes 11.2.1 (29.05.2014)
 APPLE, APPLE-SA-2014-05-15-2 iTunes 11.2 (29.05.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod