The host is installed with Apple iTunes before 11.2 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to properly handle Set-Cookie HTTP headers. Successful exploitation could allow attackers to strip security settings from the cookie by forcing the connection to close before the security settings were sent and then obtain the value of the unprotected cookie.