VAR-200808-0363
Vulnerability from variot - Updated: 2025-04-10 23:05Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. Apple From iTunes An update for has been released.Man-in-the-middle attacks (man-in-the-middle attack) Any software iTunes May appear to be an update. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Successful exploits will compromise the affected application and possibly the underlying computer. iTunes is a free application for iPod and iPhone media file management. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2011-11-14-1 iTunes 10.5.1
iTunes 10.5.1 is now available and addresses the following:
iTunes Available for: Mac OS X v10.5 or later, Windows 7, Vista, XP SP2 or later Impact: A man-in-the-middle attacker may offer software that appears to originate from Apple Description: iTunes periodically checks for software updates using an HTTP request to Apple. If Apple Software Update for Windows is not installed, clicking the Download iTunes button may open the URL from the HTTP response in the user's default browser. This issue has been mitigated by using a secured connection when checking for available updates. For OS X systems, the user's default browser is not used because Apple Software Update is included with OS X, however this change adds additional defense-in-depth. CVE-ID CVE-2008-3434 : Francisco Amato of Infobyte Security Research
iTunes 10.5.1 may be obtained from: http://www.apple.com/itunes/download/
For Mac OS X: The download file is named: "iTunes10.5.1.dmg" Its SHA-1 digest is: 08f8ebe3f75d7b98a215750c08b7d6eff7c9ceb9
For Windows XP / Vista / Windows 7: The download file is named: "iTunesSetup.exe" Its SHA-1 digest is: bbe7ed41e62ef1eb345a12a68c1a81d351057952
For 64-bit Windows XP / Vista / Windows 7: The download file is named: "iTunes64Setup.exe" Its SHA-1 digest is: c3e70eb77ab400470ef9451803c0e411eed6a689
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org
iQEcBAEBAgAGBQJOwLKNAAoJEGnF2JsdZQeecIgH/3TTYRa3C8GPQMDZJgdD0Wgh sktAAH3DWj3HbEluuieTyLkoIzXLluVrJCaLOIt0G79gF0wkW7fB6eXU3i2MFtS2 QYy6dKzZHEKSWlez+pPDnvBLD7KWFg74rz0MBDhhgmpxqHOfJ6CU0xFuojoIYvtP 7WpLtqRpEc1R2dR/y4ACwZWfhpdatZ+mv7Gjq++Nem3/+1MU3M88eGGmX/95qGTv F6dwxf0c2jhL/5mRqC7A0ybn6VQm0oeTxEN8lgr+NQ+BQdXpH4wNzxmhtRP0AmZ6 A8sENF6QBXf4J3+fCX6NqwvAwhTNUav7ApC4TMvN6fcAHzoTECvUIdpOBSKUD3E= =7US+ -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200808-0363",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "itunes",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "6.0.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "6.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "6.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "5.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0.4.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "4.9"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.7"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.6"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.7.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.0.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.8"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.1.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "itunes",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.9,
"vendor": "apple",
"version": "6.0.5"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "esignal",
"scope": "eq",
"trust": 0.3,
"vendor": "esignal",
"version": "6.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1.8"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "9.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0.2.20"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "8.0"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "7.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "10.1"
},
{
"model": "itunes",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "10.5.1"
}
],
"sources": [
{
"db": "BID",
"id": "50672"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003067"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-014"
},
{
"db": "NVD",
"id": "CVE-2008-3434"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:itunes",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003067"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Francisco Amato of Infobyte Security Research",
"sources": [
{
"db": "BID",
"id": "50672"
}
],
"trust": 0.3
},
"cve": "CVE-2008-3434",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2008-3434",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-33559",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-3434",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2008-3434",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200808-014",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-33559",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33559"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003067"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-014"
},
{
"db": "NVD",
"id": "CVE-2008-3434"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. Apple From iTunes An update for has been released.Man-in-the-middle attacks (man-in-the-middle attack) Any software iTunes May appear to be an update. \nAttackers can exploit this issue to execute arbitrary code within the context of the affected application. Successful exploits will compromise the affected application and possibly the underlying computer. iTunes is a free application for iPod and iPhone media file management. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2011-11-14-1 iTunes 10.5.1\n\niTunes 10.5.1 is now available and addresses the following:\n\niTunes\nAvailable for: Mac OS X v10.5 or later, Windows 7, Vista,\nXP SP2 or later\nImpact: A man-in-the-middle attacker may offer software that appears\nto originate from Apple\nDescription: iTunes periodically checks for software updates using\nan HTTP request to Apple. If Apple Software Update for Windows is\nnot installed, clicking the Download iTunes button may open the URL\nfrom the HTTP response in the user\u0027s default browser. This issue has\nbeen mitigated by using a secured connection when checking for\navailable updates. For OS X systems, the user\u0027s default browser is\nnot used because Apple Software Update is included with OS X,\nhowever this change adds additional defense-in-depth. \nCVE-ID\nCVE-2008-3434 : Francisco Amato of Infobyte Security Research\n\n\niTunes 10.5.1 may be obtained from:\nhttp://www.apple.com/itunes/download/\n\nFor Mac OS X:\nThe download file is named: \"iTunes10.5.1.dmg\"\nIts SHA-1 digest is: 08f8ebe3f75d7b98a215750c08b7d6eff7c9ceb9\n\nFor Windows XP / Vista / Windows 7:\nThe download file is named: \"iTunesSetup.exe\"\nIts SHA-1 digest is: bbe7ed41e62ef1eb345a12a68c1a81d351057952\n\nFor 64-bit Windows XP / Vista / Windows 7:\nThe download file is named: \"iTunes64Setup.exe\"\nIts SHA-1 digest is: c3e70eb77ab400470ef9451803c0e411eed6a689\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQEcBAEBAgAGBQJOwLKNAAoJEGnF2JsdZQeecIgH/3TTYRa3C8GPQMDZJgdD0Wgh\nsktAAH3DWj3HbEluuieTyLkoIzXLluVrJCaLOIt0G79gF0wkW7fB6eXU3i2MFtS2\nQYy6dKzZHEKSWlez+pPDnvBLD7KWFg74rz0MBDhhgmpxqHOfJ6CU0xFuojoIYvtP\n7WpLtqRpEc1R2dR/y4ACwZWfhpdatZ+mv7Gjq++Nem3/+1MU3M88eGGmX/95qGTv\nF6dwxf0c2jhL/5mRqC7A0ybn6VQm0oeTxEN8lgr+NQ+BQdXpH4wNzxmhtRP0AmZ6\nA8sENF6QBXf4J3+fCX6NqwvAwhTNUav7ApC4TMvN6fcAHzoTECvUIdpOBSKUD3E=\n=7US+\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3434"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003067"
},
{
"db": "BID",
"id": "50672"
},
{
"db": "VULHUB",
"id": "VHN-33559"
},
{
"db": "PACKETSTORM",
"id": "107025"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-33559",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33559"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-3434",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003067",
"trust": 0.8
},
{
"db": "FULLDISC",
"id": "20080728 TOOL RELEASE: [EVILGRADE] - USING DNS CACHE POISONING TO EXPLOIT POOR UPDATE IMPLEMENTATIONS",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200808-014",
"trust": 0.6
},
{
"db": "BID",
"id": "50672",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "107025",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-33559",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33559"
},
{
"db": "BID",
"id": "50672"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003067"
},
{
"db": "PACKETSTORM",
"id": "107025"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-014"
},
{
"db": "NVD",
"id": "CVE-2008-3434"
}
]
},
"id": "VAR-200808-0363",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-33559"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:05:19.480000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT5030",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT5030"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003067"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33559"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003067"
},
{
"db": "NVD",
"id": "CVE-2008-3434"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
},
{
"trust": 1.7,
"url": "http://www.infobyte.com.ar/down/francisco%20amato%20-%20evilgrade%20-%20eng.pdf"
},
{
"trust": 1.1,
"url": "http://lists.apple.com/archives/security-announce/2011/nov/msg00003.html"
},
{
"trust": 1.1,
"url": "http://support.apple.com/kb/ht5030"
},
{
"trust": 1.1,
"url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a17136"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3434"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu535830/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3434"
},
{
"trust": 0.3,
"url": "http://www.apple.com"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3434"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "http://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33559"
},
{
"db": "BID",
"id": "50672"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003067"
},
{
"db": "PACKETSTORM",
"id": "107025"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-014"
},
{
"db": "NVD",
"id": "CVE-2008-3434"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-33559"
},
{
"db": "BID",
"id": "50672"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003067"
},
{
"db": "PACKETSTORM",
"id": "107025"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-014"
},
{
"db": "NVD",
"id": "CVE-2008-3434"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-08-01T00:00:00",
"db": "VULHUB",
"id": "VHN-33559"
},
{
"date": "2008-07-28T00:00:00",
"db": "BID",
"id": "50672"
},
{
"date": "2011-11-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003067"
},
{
"date": "2011-11-16T04:35:27",
"db": "PACKETSTORM",
"id": "107025"
},
{
"date": "2008-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-014"
},
{
"date": "2008-08-01T14:41:00",
"db": "NVD",
"id": "CVE-2008-3434"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-29T00:00:00",
"db": "VULHUB",
"id": "VHN-33559"
},
{
"date": "2015-03-19T08:21:00",
"db": "BID",
"id": "50672"
},
{
"date": "2011-11-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003067"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-014"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-3434"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-014"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iTunes Updates for vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003067"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-014"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…