Info

Disclosure

Aug 22, 2012

Discovery

Unknown

Dates

Exploit

Aug 22, 2012

Solution

Unknown

Description

Apple iTunes contains a flaw that is triggered when credentials are stored in the process memory as plaintext. This may allow a local attacker to scan certain process memory locations and gain access to potentially sensitive information.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Authentication Required

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Apple Inc.

iTunes

10.7

References

Related OSVDB ID: 85533 85534 85535 85537 85538
Generic Informational URL: http://carnal0wnage.attackresearch.com/2009/03/dumping-memory-to-extract-password.html
Other Advisory URL: http://core.yehg.net/lab/pr0js/advisories/%5Bmultiple-apps%5D_plain-text_storage_in_memory
http://core.yehg.net/lab/pr0js/training/view/CWE-316_plaintext-storage-in-memory/
Vendor URL: http://www.apple.com/itunes/
Generic Exploit URL: http://www.metasploit.com/modules/post/windows/gather/memory_grep/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/85536