Security Advisory

CVE-2008-3434

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2008-08-01 14:00:00

Last updated 2024-08-07 09:37:27

Assigner mitre

State PUBLISHED

Description

Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

← Browse all CVEs View on cve.org ↗