Information disclosure in iTunes - CVE-2016-4613
Published: October 28, 2016 / Updated: October 31, 2016
Vulnerability identifier: #VU1095
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4613
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
iTunes
iTunes
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to obtain potentially sensitive information on the target system.
The weakness is due to input validation flaw. By persuading the victim to load a specially crafted web content, a remote attacker can gain access to important data.
Successful exploitation of the vulnerability results in disclosure of potentially sensitive information.
The weakness is due to input validation flaw. By persuading the victim to load a specially crafted web content, a remote attacker can gain access to important data.
Successful exploitation of the vulnerability results in disclosure of potentially sensitive information.
How to mitigate CVE-2016-4613
Update to version 12.5.2.