KLA11281
Multiple vulnerabilities in Apple iTunes
Updated: 06/26/2019
Detect date
?
03/29/2018
Severity
?
Critical
Description

Multiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code and obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A buffer overflow vulnerability can be exploited locally to gain privileges;
  2. Multiple memory corruption vulnerabilities in WebKit can be exploited remotely via specially crafted website to execute arbitrary code;
  3. Multiple array indexing vulnerabilities in WebKit can be exploited remotely to cause denial of service;
  4. A cross-origin vulnerability can be exploited remotely to obtain sensitive information;
  5. Multiple assert failure vulnerabilities in WebKit can be exploited locally to cause denial of service.
Affected products

Apple iTunes earlier than 12.7.4

Solution

Update to latest version
Download iTunes

Original advisories

About the security content of iTunes 12.7.4 for Windows

Impacts
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

SB 
[?]

WLF 
[?]

PE 
[?]

SUI 
[?]
Related products
Apple iTunes
CVE-IDS
?