CVE-2013-1014: Improper Input Validation in Apple iTunes

Severity
4.3 MEDIUM (NVD)
EPSS
0.0%
top 89.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 20
Latest update: May 14

Description

Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.

CVSS vector

AV:A/AC:M/C:P/I:P/A:N
Exploitability: 5.5 | Impact: 4.9

Affected Packages: 1 package

NVD: apple/itunes 11.0.2 +78

🔴 Vulnerability Details (1)

GHSA
GHSA-vwr9-j7q7-m34v: Apple iTunes before 11 (2022-05-14)