Description
Multiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, execute arbitrary code and bypass security restrictions.
Below is a complete list of vulnerabilities:
- An unknown vulnerability in CFNetwork can be exploited locally to obtain sensitive information;
- Multiple memory corruption vulnerabilities in WebKit can be exploited remotely to execute arbitrary code;
- A CORS (cross-origin resource sharing) vulnerability can be exploited remotely to bypass security restrictions;
- A type confusion vulnerability in WebKit can be exploited remotely to execute arbitrary code;
- A race condition vulnerability in WebKit can be exploited remotely to cause denial of service;
- Multiple memory corruption vulnerabilities in WebKit can be exploited remotely to cause denial of service.
Original advisories
Exploitation
Public exploits exist for this vulnerability.
Related products
CVE list
- CVE-2018-4293 high
- CVE-2018-4270 high
- CVE-2018-4278 warning
- CVE-2018-4284 critical
- CVE-2018-4266 high
- CVE-2018-4261 critical
- CVE-2018-4262 critical
- CVE-2018-4263 critical
- CVE-2018-4264 critical
- CVE-2018-4265 critical
- CVE-2018-4267 critical
- CVE-2018-4272 critical
- CVE-2018-4271 high
- CVE-2018-4273 high
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!