Multiple vulnerabilities were reported in Apple iTunes. A remote user can execute arbitrary code on the target system. A remote user can spoof digital certificates. BlackBerry OS is affected by one vulnerability.
A remote user can conduct a man-in-the-middle attack to trigger a memory corruption error in WebKit and cause the target iTunes application to execute arbitrary code while the target user is browsing the iTunes Store [CVE-2013-0879, CVE-2013-0991, CVE-2013-0992, CVE-2013-0993, CVE-2013-0994, CVE-2013-0995, CVE-2013-0996, CVE-2013-0997, CVE-2013-0998, CVE-2013-0999, CVE-2013-1000, CVE-2013-1001, CVE-2013-1002, CVE-2013-1003, CVE-2013-1004, CVE-2013-1005, CVE-2013-1006, CVE-2013-1007, CVE-2013-1008, CVE-2013-1010, CVE-2013-1011].
Atte Kettunen of OUSPG, Jay Civelli of the Chromium development community, Google Chrome Security Team (Martin Barbella), Google Chrome Security Team (Inferno), David German of Google, Vitaliy Toropov (via HP TippingPoint's Zero Day Initiative), pa_kt (via HP TippingPoint's Zero Day Initiative), Fermin J. Serna of the Google Security Team, Ryan Humenick, Sergey Glazunov, and miaubiz reported these vulnerabilities.
The system does not properly validate certificates. A remote user can conduct a man-in-the-middle attack to spoof HTTPS server certificates and obtain potentially sensitive information [CVE-2013-1014].
Christopher of ThinkSECURE Pte Ltd and Christopher Hickstein of University of Minnesota reported this vulnerability.