CVE-2009-0143

N/A Unknown

Published: March 14, 2009 Modified: April 23, 2026

Description

Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.apple.com/archives/security-announce//2009/Mar/msg00001.html

Source: cve@mitre.org

Mailing List Patch Vendor Advisory

http://osvdb.org/52579

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/34254

Source: cve@mitre.org

Third Party Advisory

http://securitytracker.com/id?1021843

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://support.apple.com/kb/HT3487

Source: cve@mitre.org

Patch Vendor Advisory

http://www.securityfocus.com/bid/34094

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.vupen.com/english/advisories/2009/0702

Source: cve@mitre.org

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/49201

Source: cve@mitre.org

Third Party Advisory VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5336

Source: cve@mitre.org

Third Party Advisory

http://lists.apple.com/archives/security-announce//2009/Mar/msg00001.html