Vulnerabilities > CVE-2014-4452 - Resource Management Errors vulnerability in Apple products

047910
CVSS 5.4 - MEDIUM
Attack vector
ADJACENT_NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.

Vulnerable Configurations

Part Description Count
OS
Apple
14
Application
Apple
214

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyWindows
    NASL idITUNES_12_2_0.NASL
    descriptionThe version of Apple iTunes installed on the remote Windows host is prior to 12.2. It is, therefore, affected by multiple vulnerabilities in the bundled version of WebKit, including denial of service and arbitrary code execution vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id84504
    published2015-07-03
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84504
    titleApple iTunes < 12.2 Multiple Vulnerabilities (credentialed check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84504);
      script_version("1.8");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id(
        "CVE-2014-3192",
        "CVE-2014-4452",
        "CVE-2014-4459",
        "CVE-2014-4466",
        "CVE-2014-4468",
        "CVE-2014-4469",
        "CVE-2014-4470",
        "CVE-2014-4471",
        "CVE-2014-4472",
        "CVE-2014-4473",
        "CVE-2014-4474",
        "CVE-2014-4475",
        "CVE-2014-4476",
        "CVE-2014-4477",
        "CVE-2014-4479",
        "CVE-2015-1068",
        "CVE-2015-1069",
        "CVE-2015-1070",
        "CVE-2015-1071",
        "CVE-2015-1072",
        "CVE-2015-1073",
        "CVE-2015-1074",
        "CVE-2015-1075",
        "CVE-2015-1076",
        "CVE-2015-1077",
        "CVE-2015-1078",
        "CVE-2015-1079",
        "CVE-2015-1080",
        "CVE-2015-1081",
        "CVE-2015-1082",
        "CVE-2015-1083",
        "CVE-2015-1119",
        "CVE-2015-1120",
        "CVE-2015-1121",
        "CVE-2015-1122",
        "CVE-2015-1124",
        "CVE-2015-1152",
        "CVE-2015-1153",
        "CVE-2015-1154"
      );
      script_bugtraq_id(
        70273,
        71137,
        71144,
        71438,
        71442,
        71444,
        71445,
        71449,
        71451,
        71459,
        71461,
        71462,
        72329,
        72330,
        72331,
        73972,
        74523,
        74525,
        74526
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2015-06-30-6");
    
      script_name(english:"Apple iTunes < 12.2 Multiple Vulnerabilities (credentialed check)");
      script_summary(english:"Checks the version of iTunes on Windows.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains an application that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Apple iTunes installed on the remote Windows host is
    prior to 12.2. It is, therefore, affected by multiple vulnerabilities
    in the bundled version of WebKit, including denial of service and
    arbitrary code execution vulnerabilities.
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT204949");
      # https://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?103c0dda");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apple iTunes 12.2 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4466");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/03");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("itunes_detect.nasl");
      script_require_keys("installed_sw/iTunes Version", "SMB/Registry/Enumerated");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("install_func.inc");
    
    # Ensure this is Windows
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    
    app_id = 'iTunes Version';
    install = get_single_install(app_name:app_id, exit_if_unknown_ver:TRUE);
    
    version = install["version"];
    path = install["path"];
    
    fixed_version = "12.2.0.145";
    if (ver_compare(ver:version, fix:fixed_version) < 0)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "iTunes", version, path);
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SAFARI8_0_2.NASL
    descriptionThe version of Apple Safari installed on the remote Mac OS X host is a version prior to 6.2.2 / 7.1.2 / 8.0.2. It is, therefore, affected by the following vulnerabilities in WebKit : - An SVG loaded in an IMG element could load a CSS file cross-origin. This can allow data exfiltration. (CVE-2014-4465) - A UI spoofing flaw exists in the handling of scrollbar boundaries. Visiting websites that frame malicious content can allow the UI to be spoofed. (CVE-2014-1748) - Multiple memory corruption issues exist that can lead to an unexpected application crash or potential arbitrary code execution by means of malicious website content. (CVE-2014-4452, CVE-2014-4459, CVE-2014-4466, CVE-2014-4468, CVE-2014-4469, CVE-2014-4470, CVE-2014-4471, CVE-2014-4472, CVE-2014-4473, CVE-2014-4474, CVE-2014-4475) Note that the 6.2.2 / 7.1.2 / 8.0.2 Safari updates include the security content of the 6.2.1 / 7.1.1 / 8.0.1 updates. These more recent updates, however, were released to fix potential issues with the installation of the previous patch release.
    last seen2020-06-01
    modified2020-06-02
    plugin id80055
    published2014-12-16
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80055
    titleMac OS X : Apple Safari < 6.2.2 / 7.1.2 / 8.0.2 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80055);
      script_version("1.5");
      script_cvs_date("Date: 2019/11/25");
    
      script_cve_id(
        "CVE-2014-1748",
        "CVE-2014-4465",
        "CVE-2014-4466",
        "CVE-2014-4468",
        "CVE-2014-4469",
        "CVE-2014-4470",
        "CVE-2014-4471",
        "CVE-2014-4472",
        "CVE-2014-4473",
        "CVE-2014-4474",
        "CVE-2014-4475"
      );
      script_bugtraq_id(
        71438,
        71439,
        71442,
        71444,
        71445,
        71449,
        71451,
        71459,
        71461,
        71462,
        71464
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2014-12-3-1");
    
      script_name(english:"Mac OS X : Apple Safari < 6.2.2 / 7.1.2 / 8.0.2 Multiple Vulnerabilities");
      script_summary(english:"Checks the Safari version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Apple Safari installed on the remote Mac OS X host is a
    version prior to 6.2.2 / 7.1.2 / 8.0.2. It is, therefore, affected by
    the following vulnerabilities in WebKit :
    
      - An SVG loaded in an IMG element could load a CSS file
        cross-origin. This can allow data exfiltration.
        (CVE-2014-4465)
    
      - A UI spoofing flaw exists in the handling of scrollbar
        boundaries. Visiting websites that frame malicious
        content can allow the UI to be spoofed. (CVE-2014-1748)
    
      - Multiple memory corruption issues exist that can lead to
        an unexpected application crash or potential arbitrary
        code execution by means of malicious website content.
        (CVE-2014-4452, CVE-2014-4459, CVE-2014-4466,
        CVE-2014-4468, CVE-2014-4469, CVE-2014-4470,
        CVE-2014-4471, CVE-2014-4472, CVE-2014-4473,
        CVE-2014-4474, CVE-2014-4475)
    
    Note that the 6.2.2 / 7.1.2 / 8.0.2 Safari updates include the
    security content of the 6.2.1 / 7.1.1 / 8.0.1 updates. These more
    recent updates, however, were released to fix potential issues with
    the installation of the previous patch release.");
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/en-us/HT1222");
      script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/archive/1/534148");
      script_set_attribute(attribute:"see_also", value:"http://support.apple.com/en-us/HT6597");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apple Safari 6.2.2 / 7.1.2 / 8.0.2 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4466");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_Safari31.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Safari/Installed");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    os = get_kb_item("Host/MacOSX/Version");
    if (!os) audit(AUDIT_OS_NOT, "Mac OS X");
    
    if (!ereg(pattern:"Mac OS X 10\.([89]|10)([^0-9]|$)", string:os)) audit(AUDIT_OS_NOT, "Mac OS X 10.8 / 10.9 / 10.10");
    
    get_kb_item_or_exit("MacOSX/Safari/Installed");
    path = get_kb_item_or_exit("MacOSX/Safari/Path", exit_code:1);
    version = get_kb_item_or_exit("MacOSX/Safari/Version", exit_code:1);
    
    # Even though the fixes that the recent
    # patches replace are no longer availabe,
    # the older versions are checked to avoid
    # FPs in the event that the initial fix
    # is present
    if ("10.8" >< os)
    {
      cutoff = "6.2.1";
      fixed_version = "6.2.2";
    }
    else if ("10.9" >< os)
    {
      cutoff = "7.1.1";
      fixed_version = "7.1.2";
    }
    else
    {
      cutoff= "8.0.1";
      fixed_version = "8.0.2";
    }
    
    if (ver_compare(ver:version, fix:cutoff, strict:FALSE) == -1)
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fixed_version + '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "Safari", version, path);
    
  • NASL familyMisc.
    NASL idAPPLETV_7_0_2.NASL
    descriptionAccording to its banner, the remote Apple TV device is a version prior to 7.0.2. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist related to the included version of WebKit that allow application crashes or arbitrary code execution. (CVE-2014-4452, CVE-2014-4462) - A state management issue exists due to improperly handling overlapping segments in Mach-O executable files. A local user can exploit this issue to execute unsigned code. (CVE-2014-4455) - A remote code execution issue exists due to improper validation of metadata fields in IOSharedDataQueue objects. (CVE-2014-4461)
    last seen2020-06-01
    modified2020-06-02
    plugin id79360
    published2014-11-20
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79360
    titleApple TV < 7.0.2 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79360);
      script_version("1.4");
      script_cvs_date("Date: 2018/11/15 20:50:23");
    
      script_cve_id(
        "CVE-2014-4452",
        "CVE-2014-4455",
        "CVE-2014-4461",
        "CVE-2014-4462"
      );
      script_bugtraq_id(71136, 71137, 71140, 71142);
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2014-11-17-3");
    
      script_name(english:"Apple TV < 7.0.2 Multiple Vulnerabilities");
      script_summary(english:"Checks the version in the banner.");
    
      script_set_attribute(attribute:"synopsis", value:"The remote device is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its banner, the remote Apple TV device is a version prior
    to 7.0.2. It is, therefore, affected by the following
    vulnerabilities :
    
      - Multiple memory corruption issues exist related to the
        included version of WebKit that allow application
        crashes or arbitrary code execution. (CVE-2014-4452,
        CVE-2014-4462)
    
      - A state management issue exists due to improperly
        handling overlapping segments in Mach-O executable
        files. A local user can exploit this issue to execute
        unsigned code. (CVE-2014-4455)
    
      - A remote code execution issue exists due to improper
        validation of metadata fields in IOSharedDataQueue
        objects. (CVE-2014-4461)");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT204420");
      script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/534005/30/0/threaded");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apple TV 7.0.2 or later. Note that this update is only
    available for 3rd generation and later models.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/20");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:apple_tv");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
    
      script_dependencies("appletv_detect.nasl");
      script_require_keys("www/appletv");
      script_require_ports(3689);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    get_kb_item_or_exit("www/appletv");
    
    port = 3689;
    banner = get_http_banner(port:port, broken:TRUE, exit_on_fail:TRUE);
    if (
      "DAAP-Server: iTunes/" >!< banner &&
      "RIPT-Server: iTunesLib/" >!< banner
    ) audit(AUDIT_WRONG_WEB_SERVER, port, 'iTunes');
    
    pat = "^DAAP-Server: iTunes/([0-9][0-9.]+)([a-z])([0-9]+) \((Mac )?OS X\)";
    matches = egrep(pattern:pat, string:banner);
    
    if (
      "DAAP-Server: iTunes/" >< banner &&
      !matches
    ) audit(AUDIT_WRONG_WEB_SERVER, port, "iTunes on an Apple TV");
    
    fixed_major = "11.1";
    fixed_char = "b";
    fixed_minor = "37";
    fixed_airtunes_version = "211.3";
    
    report = "";
    
    # Check first for 3rd gen and recent 2nd gen models.
    if (matches)
    {
      foreach line (split(matches, keep:FALSE))
      {
        match = eregmatch(pattern:pat, string:line);
        if (!isnull(match))
        {
          major = match[1];
          char = match[2];
          minor = int(match[3]);
    
          if (
            ver_compare(ver:major, fix:fixed_major, strict:FALSE) < 0 ||
            (
              ver_compare(ver:major, fix:fixed_major, strict:FALSE) == 0 &&
              (
                ord(char) < ord(fixed_char) ||
                (
                  ord(char) == ord(fixed_char) &&
                  minor < fixed_minor
                )
              )
            )
          )
          {
            report = '\n  Source                   : ' + line +
                     '\n  Installed iTunes version : ' + major + char + minor +
                     '\n  Fixed iTunes version     : ' + fixed_major + fixed_char + fixed_minor +
                     '\n';
          }
          else if (major == fixed_major && char == fixed_char && minor == fixed_minor)
          {
            airtunes_port = 5000;
            # nb: 'http_server_header()' exits if it can't get the HTTP banner.
            server_header = http_server_header(port:airtunes_port);
            if (isnull(server_header)) audit(AUDIT_WEB_NO_SERVER_HEADER, airtunes_port);
            if ("AirTunes" >!< server_header)  audit(AUDIT_WRONG_WEB_SERVER, airtunes_port, "AirTunes");
    
            match = eregmatch(string:server_header, pattern:"^AirTunes\/([0-9][0-9.]+)");
            if (!match) audit(AUDIT_UNKNOWN_WEB_SERVER_VER, "AirTunes", airtunes_port);
            airtunes_version = match[1];
    
            if (ver_compare(ver:airtunes_version, fix:fixed_airtunes_version, strict:FALSE) < 0)
            {
              report = '\n  Source                     : ' + server_header +
                       '\n  Installed AirTunes version : ' + airtunes_version +
                       '\n  Fixed AirTunes version     : ' + fixed_airtunes_version +
                       '\n';
            }
            else audit(AUDIT_LISTEN_NOT_VULN, "AirTunes", airtunes_port, airtunes_version);
          }
        }
      }
    }
    else
    {
      pat2 = "^RIPT-Server: iTunesLib/([0-9]+)\.";
      matches = egrep(pattern:pat2, string:banner);
      if (matches)
      {
        foreach line (split(matches, keep:FALSE))
        {
          match = eregmatch(pattern:pat2, string:line);
          if (!isnull(match))
          {
            major = int(match[1]);
            if (major <= 9)
            {
              report = '\n  Source : ' + line +
                       '\n';
            }
            break;
          }
        }
      }
    }
    
    if (report)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:report);
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyPeer-To-Peer File Sharing
    NASL idITUNES_12_2_0_BANNER.NASL
    descriptionThe version of Apple iTunes running on the remote host is prior to 12.2. It is, therefore, affected by multiple vulnerabilities due to memory corruption issues in the WebKit component. An attacker can exploit these to cause a denial of service or execute arbitrary code. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id86600
    published2015-10-26
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86600
    titleApple iTunes < 12.2 Multiple Vulnerabilities (uncredentialed check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86600);
      script_version("1.5");
      script_cvs_date("Date: 2019/11/20");
    
      script_cve_id(
        "CVE-2014-3192",
        "CVE-2014-4452",
        "CVE-2014-4459",
        "CVE-2014-4466",
        "CVE-2014-4468",
        "CVE-2014-4469",
        "CVE-2014-4470",
        "CVE-2014-4471",
        "CVE-2014-4472",
        "CVE-2014-4473",
        "CVE-2014-4474",
        "CVE-2014-4475",
        "CVE-2014-4476",
        "CVE-2014-4477",
        "CVE-2014-4479",
        "CVE-2015-1068",
        "CVE-2015-1069",
        "CVE-2015-1070",
        "CVE-2015-1071",
        "CVE-2015-1072",
        "CVE-2015-1073",
        "CVE-2015-1074",
        "CVE-2015-1075",
        "CVE-2015-1076",
        "CVE-2015-1077",
        "CVE-2015-1078",
        "CVE-2015-1079",
        "CVE-2015-1080",
        "CVE-2015-1081",
        "CVE-2015-1082",
        "CVE-2015-1083",
        "CVE-2015-1119",
        "CVE-2015-1120",
        "CVE-2015-1121",
        "CVE-2015-1122",
        "CVE-2015-1124",
        "CVE-2015-1152",
        "CVE-2015-1153",
        "CVE-2015-1154"
      );
      script_bugtraq_id(
        70273,
        71137,
        71144,
        71438,
        71442,
        71444,
        71445,
        71449,
        71451,
        71459,
        71461,
        71462,
        72329,
        72330,
        72331,
        73972,
        74523,
        74525,
        74526
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2015-06-30-6");
    
      script_name(english:"Apple iTunes < 12.2 Multiple Vulnerabilities (uncredentialed check)");
      script_summary(english:"Checks the version of iTunes.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains an application that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Apple iTunes running on the remote host is prior to
    12.2. It is, therefore, affected by multiple vulnerabilities due to
    memory corruption issues in the WebKit component. An attacker can
    exploit these to cause a denial of service or execute arbitrary code.
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT204949");
      # https://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?103c0dda");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Apple version iTunes 12.2 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4466");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/26");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:itunes");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Peer-To-Peer File Sharing");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("itunes_sharing.nasl");
      script_require_keys("iTunes/sharing");
      script_require_ports("Services/www", 3689);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    port = get_http_port(default:3689, embedded:TRUE, ignore_broken:TRUE);
    
    get_kb_item_or_exit("iTunes/" + port + "/enabled");
    
    type = get_kb_item_or_exit("iTunes/" + port + "/type");
    source = get_kb_item_or_exit("iTunes/" + port + "/source");
    version = get_kb_item_or_exit("iTunes/" + port + "/version");
    
    if (type != 'Windows') audit(AUDIT_OS_NOT, "Windows");
    
    fixed_version = "12.2.0.145";
    
    if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
    {
      if (report_verbosity > 0)
      {
        report = '\n  Version source    : ' + source +
                 '\n  Installed version : ' + version +
                 '\n  Fixed version     : ' + fixed_version + 
                 '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "iTunes", port, version);