KLA11408
Multiple vulnerabilities in Apple iTunes
Updated: 06/26/2019
Detect date
01/24/2019
Severity
Critical
Description

Multiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges, execute arbitrary code, and perform cross-site scripting attacks.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in AppleKeyStore can be exploited to bypass security restrictions;
  2. An out-of-bounds read vulnerability in Core Media can be exploited to gain privileges;
  3. Multiple memory corruption vulnerabilities in SQLite can be exploited remotely to execute arbitrary code;
  4. A type confusion vulnerability in WebKit can be exploited remotely to execute arbitrary code;
  5. Multiple memory corruption vulnerabilities in WebKit can be exploited remotely to execute arbitrary code;
  6. A logic issue in WebKit can be exploited remotely to perform cross-site scripting attacks.
Affected products

Apple iTunes earlier than 12.9.3

Solution

Update to the latest version
Download iTunes

Original advisories

About the security content of iTunes 12.9.3 for Windows

Impacts
ACE
SB
PE
Related products
Apple iTunes
CVE-IDS
CVE-2019-6235   7.5   Critical
CVE-2019-6221   7.8   Critical
CVE-2018-20346  7.5   Critical
CVE-2018-20505  0.0   Unknown
CVE-2018-20506  0.0   Unknown
CVE-2019-6215   8.8   Critical
CVE-2019-6212   8.8   Critical
CVE-2019-6216   8.8   Critical
CVE-2019-6217   8.8   Critical
CVE-2019-6226   8.8   Critical
CVE-2019-6227   8.8   Critical
CVE-2019-6233   8.8   Critical
CVE-2019-6234   8.8   Critical
CVE-2019-6229   6.1   High