CVE-2013-1004

Apple Security Advisory 2013-09-18-2

Severity Score

8.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

285

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

WebKit, usado en Apple iTunes anterior a 11.0.3, permite a atacantes man-in-the-middle la ejecución de código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores relacionados con la navegación en la iTunes Store. Vulnerabilidad distinta de otros CVEs listados en APPLE-SA-2013-05-16-1.

iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Core Media, Data Protection, and various other issues and vulnerabilities.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-01-10 CVE Reserved
2013-05-19 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors

CAPEC

References (8)

URL	Tag	Source
http://secunia.com/advisories/54886	Third Party Advisory
http://support.apple.com/kb/HT5785	X_refsource_confirm
http://support.apple.com/kb/HT5934	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitr...	Signature

1 - 4 of 4

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2013/Jun...	2018-10-30
http://lists.apple.com/archives/security-announce/2013/May...	2018-10-30
http://lists.apple.com/archives/security-announce/2013/Sep...	2018-10-30
http://support.apple.com/kb/HT5766	2018-10-30

1 - 4 of 4

Affected Vendors, Products, and Versions (285)

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apple Search vendor "Apple"	Itunes Search vendor "Apple" for product "Itunes"	<= 11.0.2 Search vendor "Apple" for product "Itunes" and version " <= 11.0.2"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 7 Search vendor "Microsoft" for product "Windows 7"	*	-	Safe
Apple Search vendor "Apple"	Itunes Search vendor "Apple" for product "Itunes"	<= 11.0.2 Search vendor "Apple" for product "Itunes" and version " <= 11.0.2"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	*	-	Safe
Apple Search vendor "Apple"	Itunes Search vendor "Apple" for product "Itunes"	<= 11.0.2 Search vendor "Apple" for product "Itunes" and version " <= 11.0.2"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	-	Safe
Apple Search vendor "Apple"	Itunes Search vendor "Apple" for product "Itunes"	4.0.0 Search vendor "Apple" for product "Itunes" and version "4.0.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 7 Search vendor "Microsoft" for product "Windows 7"	*	-	Safe
Apple Search vendor "Apple"	Itunes Search vendor "Apple" for product "Itunes"	4.0.0 Search vendor "Apple" for product "Itunes" and version "4.0.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	*	-	Safe
Apple Search vendor "Apple"	Itunes Search vendor "Apple" for product "Itunes"	4.0.0 Search vendor "Apple" for product "Itunes" and version "4.0.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	-	Safe
Apple Search vendor "Apple"	Itunes Search vendor "Apple" for product "Itunes"	4.0.1 Search vendor "Apple" for product "Itunes" and version "4.0.1"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 7 Search vendor "Microsoft" for product "Windows 7"	*	-	Safe
Apple Search vendor "Apple"	Itunes Search vendor "Apple" for product "Itunes"	4.0.1 Search vendor "Apple" for product "Itunes" and version "4.0.1"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	*	-	Safe
Apple Search vendor "Apple"	Itunes Search vendor "Apple" for product "Itunes"	4.0.1 Search vendor "Apple" for product "Itunes" and version "4.0.1"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	-	Safe
Apple Search vendor "Apple"	Itunes Search vendor "Apple" for product "Itunes"	4.1.0 Search vendor "Apple" for product "Itunes" and version "4.1.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 7 Search vendor "Microsoft" for product "Windows 7"	*	-	Safe

1 - 10 of 285