Kaspersky ID:
KLA10669
Detect Date:
09/16/2015
Updated:
09/26/2023

Description

Multiple serious vulnerabilities have been found in iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities

  1. Multiple memory corruptions at CoreText, WebKit and ICU can be exploited remotely via an unknown vectors to cause denial of service or execute arbitrary code;
  2. Improper library loading at Microsoft Visual C++ Redistributable Package can be exploited remotely via a specially designed media file to cause denial of service;
  3. Improper network connection handling can be exploited remotely via an unknown vectors to obtain sensitive information.

Technical details

(3) can be exploited to obtain encrypted SMB credentials.

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Related products

CVE list

  • CVE-2015-1152
    high
  • CVE-2015-1153
    high
  • CVE-2015-3741
    high
  • CVE-2015-3746
    high
  • CVE-2015-3743
    high
  • CVE-2015-5755
    high
  • CVE-2015-3688
    high
  • CVE-2015-1205
    critical
  • CVE-2015-3747
    high
  • CVE-2015-3744
    high
  • CVE-2015-5806
    high
  • CVE-2015-3734
    high
  • CVE-2015-3748
    high
  • CVE-2015-3742
    high
  • CVE-2015-3738
    high
  • CVE-2015-3740
    high
  • CVE-2015-3733
    high
  • CVE-2015-5822
    high
  • CVE-2015-5803
    high
  • CVE-2015-5823
    high
  • CVE-2015-5804
    high
  • CVE-2015-5797
    high
  • CVE-2015-5796
    high
  • CVE-2015-1157
    critical
  • CVE-2015-3745
    high
  • CVE-2015-5790
    high
  • CVE-2015-5810
    high
  • CVE-2015-5811
    high
  • CVE-2015-5795
    high
  • CVE-2015-5794
    high
  • CVE-2015-5793
    high
  • CVE-2015-5792
    high
  • CVE-2015-5920
    warning
  • CVE-2015-5805
    high
  • CVE-2015-3730
    high
  • CVE-2015-5761
    high
  • CVE-2015-5813
    high
  • CVE-2015-5812
    high
  • CVE-2015-5791
    high
  • CVE-2015-5789
    high
  • CVE-2015-5814
    high
  • CVE-2015-5819
    high
  • CVE-2015-5799
    high
  • CVE-2015-3686
    high
  • CVE-2015-3687
    high
  • CVE-2015-5815
    high
  • CVE-2015-5807
    high
  • CVE-2015-5817
    high
  • CVE-2015-5816
    high
  • CVE-2015-3735
    high
  • CVE-2015-3736
    high
  • CVE-2015-5801
    high
  • CVE-2015-5802
    high
  • CVE-2015-5798
    high
  • CVE-2015-5808
    high
  • CVE-2015-5818
    high
  • CVE-2015-3749
    high
  • CVE-2015-3737
    high
  • CVE-2015-3731
    high
  • CVE-2015-3739
    high
  • CVE-2014-8146
    critical
  • CVE-2010-3190
    critical
  • CVE-2015-5800
    high
  • CVE-2015-5821
    high
  • CVE-2015-5874
    critical
  • CVE-2015-5809
    high

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Confirm changes?
Your message has been sent successfully.