KLA11489
Multiple vulnerabilities in iTunes

Updated: 06/03/2020
Detect date
?
05/28/2019
Severity
?
Critical
Description

Multiple vulnerabilities were found in iTunes. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges.

Below is a complete list of vulnerabilities:

  1. An out-of-bounds read vulnerability in WebKit can be exploited remotely to obtain sensitive information;
  2. Multiple memory corruption vulnerabilities in WebKit can be exploited remotely to execute arbitrary code;
  3. An input validation issue in SQLite can be exploited remotely to gain privileges;
  4. A memory corruption vulnerability in SQLite can be exploited to execute arbitrary code;
  5. An input validation issue in SQLite can be exploited remotely to obtain sensitive information;
  6. A memory corruption vulnerability in SQLite can be exploited to gain privileges;
Affected products

ITunes version 12.9.5

Solution

Update to the latest version
Download iTunes

Original advisories

HT210124

Impacts
?
ACE 
[?]

OSI 
[?]

PE 
[?]
Related products
Apple iTunes
CVE-IDS
?
Find out the statistics of the vulnerabilities spreading in your region