Kaspersky Threats

KLA11281
Multiple vulnerabilities in Apple iTunes

Updated: 06/18/2020

Detect date ?	03/29/2018
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code and obtain sensitive information. Below is a complete list of vulnerabilities: A buffer overflow vulnerability can be exploited locally to gain privileges; Multiple memory corruption vulnerabilities in WebKit can be exploited remotely via specially crafted website to execute arbitrary code; Multiple array indexing vulnerabilities in WebKit can be exploited remotely to cause denial of service; A cross-origin vulnerability can be exploited remotely to obtain sensitive information; Multiple assert failure vulnerabilities in WebKit can be exploited locally to cause denial of service.
Affected products	Apple iTunes earlier than 12.7.4
Solution	Update to latest version Download iTunes
Original advisories	About the security content of iTunes 12.7.4 for Windows
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?] WLF [?] PE [?] SUI [?]
Related products	Apple iTunes
CVE-IDS ?	CVE-2018-41134.3Warning CVE-2018-41146.8High CVE-2018-41170.0Unknown CVE-2018-41186.8High CVE-2018-41196.8High CVE-2018-41206.8High CVE-2018-41216.8High CVE-2018-41226.8High CVE-2018-41256.8High CVE-2018-41276.8High CVE-2018-41286.8High CVE-2018-41296.8High CVE-2018-41306.8High CVE-2018-42070.0Unknown CVE-2018-42080.0Unknown CVE-2018-42090.0Unknown CVE-2018-42100.0Unknown CVE-2018-42120.0Unknown CVE-2018-42130.0Unknown CVE-2018-41449.3Critical CVE-2018-41464.3Warning CVE-2018-41616.8High CVE-2018-41626.8High CVE-2018-41636.8High CVE-2018-41656.8High CVE-2018-41016.8High
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/44427