Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA11408
Multiple vulnerabilities in Apple iTunes
Updated: 06/18/2020
Detect date
?
 01/24/2019
Severity
?
 Critical
Description

Multiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges, execute arbitrary code, perform cross-site scripting attack.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in AppleKeyStore can be exploited to bypass security restrictions;
  2. An out-of-bounds read vulnerability in Core Media can be exploited to gain privileges;
  3. Multiple memory corruption vulnerabilities in SQLite can be exploited remotely to execute arbitrary code;
  4. A type confusion vulnerability in WebKit can be exploited remotely to execute arbitrary code;
  5. Multiple memory corruption vulnerabilities in WebKit can be exploited remotely to execute arbitrary code;
  6. A logic issue in WebKit can be exploited remotely to perform cross-site scripting attacks.
Affected products

Apple iTunes earlier than 12.9.3
Solution

Update to the latest version
Download iTunes
Original advisories

About the security content of iTunes 12.9.3 for Windows
Impacts
?
ACE 
[?]

SB 
[?]

PE 
[?]
Related products
 Apple iTunes
CVE-IDS
?
CVE-2019-62357.5Critical
CVE-2019-62217.8Critical
CVE-2018-203467.5Critical
CVE-2018-205050.0Unknown
CVE-2018-205060.0Unknown
CVE-2019-62158.8Critical
CVE-2019-62128.8Critical
CVE-2019-62168.8Critical
CVE-2019-62178.8Critical
CVE-2019-62268.8Critical
CVE-2019-62278.8Critical
CVE-2019-62338.8Critical
CVE-2019-62348.8Critical
CVE-2019-62296.1High
Exploitation

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/46448
© 2020 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy

Up