KLA11455
Multiple vulnerabilities in Apple iTunes

Multiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to execute arbitrary code, perform cross-site scripting attack, obtain sensitive information, bypass security restrictions and gain privileges.

Below is a complete list of vulnerabilities:

1. A type confusion vulnerability in WebKit can be exploited remotely to execute arbitrary code;
2. Multiple memory corruption vulnerabilities can be exploited remotely to execute arbitrary code;
3. Multiple logic vulnerabilities in WebKit can be exploited remotely to perform cross-site scripting attack;
4. A validation vulnerability in WebKit can be exploited remotely to obtain sensitive information;
5. A memory corruption vulnerability can be exploited loccaly to bypass security restrictions;
6. A buffer overflow vulnerability in CoreCrypto can be exploited locally to elevate privileges;
7. A cross-origin vulnerability in WebKit can be exploited locally to obtain sensitive information;

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Apple iTunes earlier than 12.9.4

Update to the latest version
Download iTunes

HT209604