Test ID:	1.3.6.1.4.1.25623.1.0.902720
Category:	Mac OS X Local Security Checks
Title:	Apple iTunes Arbitrary Code Execution Vulnerability - Mac OS X
Summary:	Apple iTunes is prone to an arbitrary code execution vulnerability.
Description:	Summary: Apple iTunes is prone to an arbitrary code execution vulnerability. Vulnerability Insight: The flaw is due to a memory corruption issue in WebKit. A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution. Vulnerability Impact: Successful exploitation could allow attackers to lead to an unexpected application termination or arbitrary code execution. Affected Software/OS: Apple iTunes version prior to 10.2.2. Solution: Update to version 10.2.2 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1290 http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html BugTraq ID: 46849 http://www.securityfocus.com/bid/46849 Bugtraq: 20110414 ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/517513/100/0/threaded Debian Security Information: DSA-2192 (Google Search) http://www.debian.org/security/2011/dsa-2192 http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 http://www.zdnet.com/blog/security/pwn2own-2011-blackberry-falls-to-webkit-browser-attack/8401 http://www.zerodayinitiative.com/advisories/ZDI-11-104 http://osvdb.org/71182 http://www.securitytracker.com/id?1025212 http://secunia.com/advisories/43735 http://secunia.com/advisories/43748 http://secunia.com/advisories/43782 http://secunia.com/advisories/44151 http://secunia.com/advisories/44154 http://www.vupen.com/english/advisories/2011/0645 http://www.vupen.com/english/advisories/2011/0654 http://www.vupen.com/english/advisories/2011/0671 http://www.vupen.com/english/advisories/2011/0984 XForce ISS Database: google-webkit-style-code-execution(66052) https://exchange.xforce.ibmcloud.com/vulnerabilities/66052 Common Vulnerability Exposure (CVE) ID: CVE-2011-1344 BugTraq ID: 46822 http://www.securityfocus.com/bid/46822 Bugtraq: 20110414 ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/517505/100/0/threaded Bugtraq: 20110415 VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344) (Google Search) http://www.securityfocus.com/archive/1/517517/100/0/threaded http://twitter.com/aaronportnoy/statuses/45632544967901187 http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358 http://www.zerodayinitiative.com/advisories/ZDI-11-135 http://www.securitytracker.com/id?1025363 XForce ISS Database: safari-webkit-unspec-code-exec(66061) https://exchange.xforce.ibmcloud.com/vulnerabilities/66061
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.