Kaspersky Threats

Detect date

?

03/29/2018

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code and obtain sensitive information.

Below is a complete list of vulnerabilities:

A buffer overflow vulnerability can be exploited locally to gain privileges;
Multiple memory corruption vulnerabilities in WebKit can be exploited remotely via specially crafted website to execute arbitrary code;
Multiple array indexing vulnerabilities in WebKit can be exploited remotely to cause denial of service;
A cross-origin vulnerability can be exploited remotely to obtain sensitive information;
Multiple assert failure vulnerabilities in WebKit can be exploited locally to cause denial of service.

Affected products

Apple iTunes earlier than 12.7.4

Solution

Update to latest version
Download iTunes

Original advisories

About the security content of iTunes 12.7.4 for Windows

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

WLF

[?]

PE

[?]

SUI

[?]

Related products

Apple iTunes

CVE-IDS

?

CVE-2018-41134.3Warning
CVE-2018-41146.8High
CVE-2018-41170.0Unknown
CVE-2018-41186.8High
CVE-2018-41196.8High
CVE-2018-41206.8High
CVE-2018-41216.8High
CVE-2018-41226.8High
CVE-2018-41256.8High
CVE-2018-41276.8High
CVE-2018-41286.8High
CVE-2018-41296.8High
CVE-2018-41306.8High
CVE-2018-42070.0Unknown
CVE-2018-42080.0Unknown
CVE-2018-42090.0Unknown
CVE-2018-42100.0Unknown
CVE-2018-42120.0Unknown
CVE-2018-42130.0Unknown
CVE-2018-41449.3Critical
CVE-2018-41464.3Warning
CVE-2018-41616.8High
CVE-2018-41626.8High
CVE-2018-41636.8High
CVE-2018-41656.8High
CVE-2018-41016.8High

Exploitation

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/44427

Detect date ?	03/29/2018
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code and obtain sensitive information. Below is a complete list of vulnerabilities: A buffer overflow vulnerability can be exploited locally to gain privileges; Multiple memory corruption vulnerabilities in WebKit can be exploited remotely via specially crafted website to execute arbitrary code; Multiple array indexing vulnerabilities in WebKit can be exploited remotely to cause denial of service; A cross-origin vulnerability can be exploited remotely to obtain sensitive information; Multiple assert failure vulnerabilities in WebKit can be exploited locally to cause denial of service.
Affected products	Apple iTunes earlier than 12.7.4
Solution	Update to latest version Download iTunes
Original advisories	About the security content of iTunes 12.7.4 for Windows
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?] WLF [?] PE [?] SUI [?]
Related products	Apple iTunes
CVE-IDS ?	CVE-2018-41134.3Warning CVE-2018-41146.8High CVE-2018-41170.0Unknown CVE-2018-41186.8High CVE-2018-41196.8High CVE-2018-41206.8High CVE-2018-41216.8High CVE-2018-41226.8High CVE-2018-41256.8High CVE-2018-41276.8High CVE-2018-41286.8High CVE-2018-41296.8High CVE-2018-41306.8High CVE-2018-42070.0Unknown CVE-2018-42080.0Unknown CVE-2018-42090.0Unknown CVE-2018-42100.0Unknown CVE-2018-42120.0Unknown CVE-2018-42130.0Unknown CVE-2018-41449.3Critical CVE-2018-41464.3Warning CVE-2018-41616.8High CVE-2018-41626.8High CVE-2018-41636.8High CVE-2018-41656.8High CVE-2018-41016.8High
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/44427

KLA11281Multiple vulnerabilities in Apple iTunes

KLA11281
Multiple vulnerabilities in Apple iTunes