The host is installed with Google Chrome before before 8.0.552.215, Apple Safari before 5.0.4 and earlier or Apple iTunes before 10.2 and is prone to double free vulnerability. The flaw is present in application, which fails to handle vectors related to XPath handling. Successful exploitation allows remote attackers to cause a denial of service.