Vulnerabilities > CVE-2014-4452 - Resource Management Errors vulnerability in Apple products
Attack vector
ADJACENT_NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Windows NASL id ITUNES_12_2_0.NASL description The version of Apple iTunes installed on the remote Windows host is prior to 12.2. It is, therefore, affected by multiple vulnerabilities in the bundled version of WebKit, including denial of service and arbitrary code execution vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 84504 published 2015-07-03 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84504 title Apple iTunes < 12.2 Multiple Vulnerabilities (credentialed check) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(84504); script_version("1.8"); script_cvs_date("Date: 2019/11/22"); script_cve_id( "CVE-2014-3192", "CVE-2014-4452", "CVE-2014-4459", "CVE-2014-4466", "CVE-2014-4468", "CVE-2014-4469", "CVE-2014-4470", "CVE-2014-4471", "CVE-2014-4472", "CVE-2014-4473", "CVE-2014-4474", "CVE-2014-4475", "CVE-2014-4476", "CVE-2014-4477", "CVE-2014-4479", "CVE-2015-1068", "CVE-2015-1069", "CVE-2015-1070", "CVE-2015-1071", "CVE-2015-1072", "CVE-2015-1073", "CVE-2015-1074", "CVE-2015-1075", "CVE-2015-1076", "CVE-2015-1077", "CVE-2015-1078", "CVE-2015-1079", "CVE-2015-1080", "CVE-2015-1081", "CVE-2015-1082", "CVE-2015-1083", "CVE-2015-1119", "CVE-2015-1120", "CVE-2015-1121", "CVE-2015-1122", "CVE-2015-1124", "CVE-2015-1152", "CVE-2015-1153", "CVE-2015-1154" ); script_bugtraq_id( 70273, 71137, 71144, 71438, 71442, 71444, 71445, 71449, 71451, 71459, 71461, 71462, 72329, 72330, 72331, 73972, 74523, 74525, 74526 ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2015-06-30-6"); script_name(english:"Apple iTunes < 12.2 Multiple Vulnerabilities (credentialed check)"); script_summary(english:"Checks the version of iTunes on Windows."); script_set_attribute(attribute:"synopsis", value: "The remote host contains an application that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Apple iTunes installed on the remote Windows host is prior to 12.2. It is, therefore, affected by multiple vulnerabilities in the bundled version of WebKit, including denial of service and arbitrary code execution vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT204949"); # https://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?103c0dda"); script_set_attribute(attribute:"solution", value: "Upgrade to Apple iTunes 12.2 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4466"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/19"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/03"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("itunes_detect.nasl"); script_require_keys("installed_sw/iTunes Version", "SMB/Registry/Enumerated"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("install_func.inc"); # Ensure this is Windows get_kb_item_or_exit("SMB/Registry/Enumerated"); app_id = 'iTunes Version'; install = get_single_install(app_name:app_id, exit_if_unknown_ver:TRUE); version = install["version"]; path = install["path"]; fixed_version = "12.2.0.145"; if (ver_compare(ver:version, fix:fixed_version) < 0) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; security_hole(port:port, extra:report); } else security_hole(port); } else audit(AUDIT_INST_PATH_NOT_VULN, "iTunes", version, path);
NASL family MacOS X Local Security Checks NASL id MACOSX_SAFARI8_0_2.NASL description The version of Apple Safari installed on the remote Mac OS X host is a version prior to 6.2.2 / 7.1.2 / 8.0.2. It is, therefore, affected by the following vulnerabilities in WebKit : - An SVG loaded in an IMG element could load a CSS file cross-origin. This can allow data exfiltration. (CVE-2014-4465) - A UI spoofing flaw exists in the handling of scrollbar boundaries. Visiting websites that frame malicious content can allow the UI to be spoofed. (CVE-2014-1748) - Multiple memory corruption issues exist that can lead to an unexpected application crash or potential arbitrary code execution by means of malicious website content. (CVE-2014-4452, CVE-2014-4459, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475) Note that the 6.2.2 / 7.1.2 / 8.0.2 Safari updates include the security content of the 6.2.1 / 7.1.1 / 8.0.1 updates. These more recent updates, however, were released to fix potential issues with the installation of the previous patch release. last seen 2020-06-01 modified 2020-06-02 plugin id 80055 published 2014-12-16 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80055 title Mac OS X : Apple Safari < 6.2.2 / 7.1.2 / 8.0.2 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(80055); script_version("1.5"); script_cvs_date("Date: 2019/11/25"); script_cve_id( "CVE-2014-1748", "CVE-2014-4465", "CVE-2014-4466", "CVE-2014-4468", "CVE-2014-4469", "CVE-2014-4470", "CVE-2014-4471", "CVE-2014-4472", "CVE-2014-4473", "CVE-2014-4474", "CVE-2014-4475" ); script_bugtraq_id( 71438, 71439, 71442, 71444, 71445, 71449, 71451, 71459, 71461, 71462, 71464 ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2014-12-3-1"); script_name(english:"Mac OS X : Apple Safari < 6.2.2 / 7.1.2 / 8.0.2 Multiple Vulnerabilities"); script_summary(english:"Checks the Safari version."); script_set_attribute(attribute:"synopsis", value: "The remote host contains a web browser that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Apple Safari installed on the remote Mac OS X host is a version prior to 6.2.2 / 7.1.2 / 8.0.2. It is, therefore, affected by the following vulnerabilities in WebKit : - An SVG loaded in an IMG element could load a CSS file cross-origin. This can allow data exfiltration. (CVE-2014-4465) - A UI spoofing flaw exists in the handling of scrollbar boundaries. Visiting websites that frame malicious content can allow the UI to be spoofed. (CVE-2014-1748) - Multiple memory corruption issues exist that can lead to an unexpected application crash or potential arbitrary code execution by means of malicious website content. (CVE-2014-4452, CVE-2014-4459, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475) Note that the 6.2.2 / 7.1.2 / 8.0.2 Safari updates include the security content of the 6.2.1 / 7.1.1 / 8.0.1 updates. These more recent updates, however, were released to fix potential issues with the installation of the previous patch release."); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/en-us/HT1222"); script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/534148"); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/en-us/HT6597"); script_set_attribute(attribute:"solution", value: "Upgrade to Apple Safari 6.2.2 / 7.1.2 / 8.0.2 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4466"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/02"); script_set_attribute(attribute:"patch_publication_date", value:"2014/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_Safari31.nasl"); script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Safari/Installed"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); os = get_kb_item("Host/MacOSX/Version"); if (!os) audit(AUDIT_OS_NOT, "Mac OS X"); if (!ereg(pattern:"Mac OS X 10\.([89]|10)([^0-9]|$)", string:os)) audit(AUDIT_OS_NOT, "Mac OS X 10.8 / 10.9 / 10.10"); get_kb_item_or_exit("MacOSX/Safari/Installed"); path = get_kb_item_or_exit("MacOSX/Safari/Path", exit_code:1); version = get_kb_item_or_exit("MacOSX/Safari/Version", exit_code:1); # Even though the fixes that the recent # patches replace are no longer availabe, # the older versions are checked to avoid # FPs in the event that the initial fix # is present if ("10.8" >< os) { cutoff = "6.2.1"; fixed_version = "6.2.2"; } else if ("10.9" >< os) { cutoff = "7.1.1"; fixed_version = "7.1.2"; } else { cutoff= "8.0.1"; fixed_version = "8.0.2"; } if (ver_compare(ver:version, fix:cutoff, strict:FALSE) == -1) { if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; security_hole(port:0, extra:report); } else security_hole(0); } else audit(AUDIT_INST_PATH_NOT_VULN, "Safari", version, path);
NASL family Misc. NASL id APPLETV_7_0_2.NASL description According to its banner, the remote Apple TV device is a version prior to 7.0.2. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist related to the included version of WebKit that allow application crashes or arbitrary code execution. (CVE-2014-4452, CVE-2014-4462) - A state management issue exists due to improperly handling overlapping segments in Mach-O executable files. A local user can exploit this issue to execute unsigned code. (CVE-2014-4455) - A remote code execution issue exists due to improper validation of metadata fields in IOSharedDataQueue objects. (CVE-2014-4461) last seen 2020-06-01 modified 2020-06-02 plugin id 79360 published 2014-11-20 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79360 title Apple TV < 7.0.2 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(79360); script_version("1.4"); script_cvs_date("Date: 2018/11/15 20:50:23"); script_cve_id( "CVE-2014-4452", "CVE-2014-4455", "CVE-2014-4461", "CVE-2014-4462" ); script_bugtraq_id(71136, 71137, 71140, 71142); script_xref(name:"APPLE-SA", value:"APPLE-SA-2014-11-17-3"); script_name(english:"Apple TV < 7.0.2 Multiple Vulnerabilities"); script_summary(english:"Checks the version in the banner."); script_set_attribute(attribute:"synopsis", value:"The remote device is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the remote Apple TV device is a version prior to 7.0.2. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist related to the included version of WebKit that allow application crashes or arbitrary code execution. (CVE-2014-4452, CVE-2014-4462) - A state management issue exists due to improperly handling overlapping segments in Mach-O executable files. A local user can exploit this issue to execute unsigned code. (CVE-2014-4455) - A remote code execution issue exists due to improper validation of metadata fields in IOSharedDataQueue objects. (CVE-2014-4461)"); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT204420"); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/534005/30/0/threaded"); script_set_attribute(attribute:"solution", value: "Upgrade to Apple TV 7.0.2 or later. Note that this update is only available for 3rd generation and later models."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/17"); script_set_attribute(attribute:"patch_publication_date", value:"2014/11/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/20"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:apple_tv"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies("appletv_detect.nasl"); script_require_keys("www/appletv"); script_require_ports(3689); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); get_kb_item_or_exit("www/appletv"); port = 3689; banner = get_http_banner(port:port, broken:TRUE, exit_on_fail:TRUE); if ( "DAAP-Server: iTunes/" >!< banner && "RIPT-Server: iTunesLib/" >!< banner ) audit(AUDIT_WRONG_WEB_SERVER, port, 'iTunes'); pat = "^DAAP-Server: iTunes/([0-9][0-9.]+)([a-z])([0-9]+) \((Mac )?OS X\)"; matches = egrep(pattern:pat, string:banner); if ( "DAAP-Server: iTunes/" >< banner && !matches ) audit(AUDIT_WRONG_WEB_SERVER, port, "iTunes on an Apple TV"); fixed_major = "11.1"; fixed_char = "b"; fixed_minor = "37"; fixed_airtunes_version = "211.3"; report = ""; # Check first for 3rd gen and recent 2nd gen models. if (matches) { foreach line (split(matches, keep:FALSE)) { match = eregmatch(pattern:pat, string:line); if (!isnull(match)) { major = match[1]; char = match[2]; minor = int(match[3]); if ( ver_compare(ver:major, fix:fixed_major, strict:FALSE) < 0 || ( ver_compare(ver:major, fix:fixed_major, strict:FALSE) == 0 && ( ord(char) < ord(fixed_char) || ( ord(char) == ord(fixed_char) && minor < fixed_minor ) ) ) ) { report = '\n Source : ' + line + '\n Installed iTunes version : ' + major + char + minor + '\n Fixed iTunes version : ' + fixed_major + fixed_char + fixed_minor + '\n'; } else if (major == fixed_major && char == fixed_char && minor == fixed_minor) { airtunes_port = 5000; # nb: 'http_server_header()' exits if it can't get the HTTP banner. server_header = http_server_header(port:airtunes_port); if (isnull(server_header)) audit(AUDIT_WEB_NO_SERVER_HEADER, airtunes_port); if ("AirTunes" >!< server_header) audit(AUDIT_WRONG_WEB_SERVER, airtunes_port, "AirTunes"); match = eregmatch(string:server_header, pattern:"^AirTunes\/([0-9][0-9.]+)"); if (!match) audit(AUDIT_UNKNOWN_WEB_SERVER_VER, "AirTunes", airtunes_port); airtunes_version = match[1]; if (ver_compare(ver:airtunes_version, fix:fixed_airtunes_version, strict:FALSE) < 0) { report = '\n Source : ' + server_header + '\n Installed AirTunes version : ' + airtunes_version + '\n Fixed AirTunes version : ' + fixed_airtunes_version + '\n'; } else audit(AUDIT_LISTEN_NOT_VULN, "AirTunes", airtunes_port, airtunes_version); } } } } else { pat2 = "^RIPT-Server: iTunesLib/([0-9]+)\."; matches = egrep(pattern:pat2, string:banner); if (matches) { foreach line (split(matches, keep:FALSE)) { match = eregmatch(pattern:pat2, string:line); if (!isnull(match)) { major = int(match[1]); if (major <= 9) { report = '\n Source : ' + line + '\n'; } break; } } } } if (report) { if (report_verbosity > 0) security_hole(port:0, extra:report); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Peer-To-Peer File Sharing NASL id ITUNES_12_2_0_BANNER.NASL description The version of Apple iTunes running on the remote host is prior to 12.2. It is, therefore, affected by multiple vulnerabilities due to memory corruption issues in the WebKit component. An attacker can exploit these to cause a denial of service or execute arbitrary code. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 86600 published 2015-10-26 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86600 title Apple iTunes < 12.2 Multiple Vulnerabilities (uncredentialed check) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(86600); script_version("1.5"); script_cvs_date("Date: 2019/11/20"); script_cve_id( "CVE-2014-3192", "CVE-2014-4452", "CVE-2014-4459", "CVE-2014-4466", "CVE-2014-4468", "CVE-2014-4469", "CVE-2014-4470", "CVE-2014-4471", "CVE-2014-4472", "CVE-2014-4473", "CVE-2014-4474", "CVE-2014-4475", "CVE-2014-4476", "CVE-2014-4477", "CVE-2014-4479", "CVE-2015-1068", "CVE-2015-1069", "CVE-2015-1070", "CVE-2015-1071", "CVE-2015-1072", "CVE-2015-1073", "CVE-2015-1074", "CVE-2015-1075", "CVE-2015-1076", "CVE-2015-1077", "CVE-2015-1078", "CVE-2015-1079", "CVE-2015-1080", "CVE-2015-1081", "CVE-2015-1082", "CVE-2015-1083", "CVE-2015-1119", "CVE-2015-1120", "CVE-2015-1121", "CVE-2015-1122", "CVE-2015-1124", "CVE-2015-1152", "CVE-2015-1153", "CVE-2015-1154" ); script_bugtraq_id( 70273, 71137, 71144, 71438, 71442, 71444, 71445, 71449, 71451, 71459, 71461, 71462, 72329, 72330, 72331, 73972, 74523, 74525, 74526 ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2015-06-30-6"); script_name(english:"Apple iTunes < 12.2 Multiple Vulnerabilities (uncredentialed check)"); script_summary(english:"Checks the version of iTunes."); script_set_attribute(attribute:"synopsis", value: "The remote host contains an application that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Apple iTunes running on the remote host is prior to 12.2. It is, therefore, affected by multiple vulnerabilities due to memory corruption issues in the WebKit component. An attacker can exploit these to cause a denial of service or execute arbitrary code. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT204949"); # https://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?103c0dda"); script_set_attribute(attribute:"solution", value: "Upgrade to Apple version iTunes 12.2 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4466"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/19"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/26"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Peer-To-Peer File Sharing"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("itunes_sharing.nasl"); script_require_keys("iTunes/sharing"); script_require_ports("Services/www", 3689); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE); get_kb_item_or_exit("iTunes/" + port + "/enabled"); type = get_kb_item_or_exit("iTunes/" + port + "/type"); source = get_kb_item_or_exit("iTunes/" + port + "/source"); version = get_kb_item_or_exit("iTunes/" + port + "/version"); if (type != 'Windows') audit(AUDIT_OS_NOT, "Windows"); fixed_version = "12.2.0.145"; if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1) { if (report_verbosity > 0) { report = '\n Version source : ' + source + '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; security_hole(port:port, extra:report); } else security_hole(port); } else audit(AUDIT_LISTEN_NOT_VULN, "iTunes", port, version);
References
- http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html
- http://lists.apple.com/archives/security-announce/2014/Nov/msg00000.html
- http://lists.apple.com/archives/security-announce/2014/Nov/msg00002.html
- http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html
- http://secunia.com/advisories/62504
- http://secunia.com/advisories/62505
- http://support.apple.com/kb/HT6596
- http://www.securityfocus.com/bid/71137
- http://www.securitytracker.com/id/1031231
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98771
- https://support.apple.com/en-us/HT204418
- https://support.apple.com/en-us/HT204420
- https://support.apple.com/en-us/HT6590
- https://support.apple.com/en-us/HT6592
- https://support.apple.com/kb/HT204949