Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA11408
Multiple vulnerabilities in Apple iTunes

Updated: 06/18/2020
Detect date
?
 01/24/2019
Severity
?
 Critical
Description

Multiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges, execute arbitrary code, perform cross-site scripting attack.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in AppleKeyStore can be exploited to bypass security restrictions;
  2. An out-of-bounds read vulnerability in Core Media can be exploited to gain privileges;
  3. Multiple memory corruption vulnerabilities in SQLite can be exploited remotely to execute arbitrary code;
  4. A type confusion vulnerability in WebKit can be exploited remotely to execute arbitrary code;
  5. Multiple memory corruption vulnerabilities in WebKit can be exploited remotely to execute arbitrary code;
  6. A logic issue in WebKit can be exploited remotely to perform cross-site scripting attacks.
Affected products

Apple iTunes earlier than 12.9.3
Solution

Update to the latest version
Download iTunes
Original advisories

About the security content of iTunes 12.9.3 for Windows
Impacts
?
ACE 
[?]

SB 
[?]

PE 
[?]
Related products
 Apple iTunes
CVE-IDS
?
CVE-2019-62357.5Critical
CVE-2019-62216.8High
CVE-2018-203466.8High
CVE-2018-205055.0Critical
CVE-2018-205066.8High
CVE-2019-62156.8High
CVE-2019-62126.8High
CVE-2019-62166.8High
CVE-2019-62176.8High
CVE-2019-62266.8High
CVE-2019-62276.8High
CVE-2019-62336.8High
CVE-2019-62346.8High
CVE-2019-62294.3Warning
Exploitation

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/46448
Find out the statistics of the vulnerabilities spreading in your region
© 2021 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy

Up