VIR Vulnerability Intelligence Relay

CVE-2012-0636

high
Published 2012-03-08 · Modified 2026-04-29
CVSS v3
CVSS v2
7.6
VIR risk
7.6

Description

WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html

Application impact
VendorProductVersionsFixed
appleitunes{"endIncluding":"10.5.3"}
appleitunes4.0.0
appleitunes4.0.1
appleitunes4.1.0
appleitunes4.2.0
appleitunes4.5.0
appleitunes4.6.0
appleitunes4.7.0
appleitunes4.7.1
appleitunes4.7.2
appleitunes4.8.0
appleitunes4.9.0
appleitunes5.0.0
appleitunes5.0.1
appleitunes6.0.0
appleitunes6.0.1
appleitunes6.0.2
appleitunes6.0.3
appleitunes6.0.4
appleitunes6.0.5
appleitunes7.0.0
appleitunes7.0.1
appleitunes7.0.2
appleitunes7.1.0
appleitunes7.1.1
appleitunes7.2.0
appleitunes7.3.0
appleitunes7.3.1
appleitunes7.3.2
appleitunes7.4.0
appleitunes7.4.1
appleitunes7.4.2
appleitunes7.4.3
appleitunes7.5.0
appleitunes7.6.0
appleitunes7.6.1
appleitunes7.6.2
appleitunes7.7.0
appleitunes7.7.1
appleitunes8.0.0
appleitunes8.0.1
appleitunes9.0.0
appleitunes9.0.1
appleitunes9.0.2
appleitunes9.0.3
appleitunes9.1
appleitunes9.1.1
appleitunes9.2
appleitunes9.2.1
appleitunes10.0
appleitunes10.0.1
appleitunes10.1
appleitunes10.1.1
appleitunes10.1.2
appleitunes10.2
appleitunes10.3
appleitunes10.3.1
appleitunes10.4
appleitunes10.4.1
appleitunes10.5
appleitunes10.5.1
appleitunes10.5.2
applewebkit
applesafari{"endIncluding":"5.1.4"}

References

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.