Kaspersky Threats

Detect date

?

05/28/2019

Severity

?

Critical

Description

Multiple vulnerabilities were found in iTunes. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges.

Below is a complete list of vulnerabilities:

An out-of-bounds read vulnerability in WebKit can be exploited remotely to obtain sensitive information;
Multiple memory corruption vulnerabilities in WebKit can be exploited remotely to execute arbitrary code;
An input validation issue in SQLite can be exploited remotely to gain privileges;
A memory corruption vulnerability in SQLite can be exploited to execute arbitrary code;
An input validation issue in SQLite can be exploited remotely to obtain sensitive information;
A memory corruption vulnerability in SQLite can be exploited to gain privileges;

Affected products

ITunes version 12.9.5

Solution

Update to the latest version
Download iTunes

Original advisories

HT210124

Impacts

?

ACE

[?]

OSI

[?]

PE

[?]

Related products

Apple iTunes

CVE-IDS

?

Detect date ?	05/28/2019
Severity ?	Critical
Description	Multiple vulnerabilities were found in iTunes. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: An out-of-bounds read vulnerability in WebKit can be exploited remotely to obtain sensitive information; Multiple memory corruption vulnerabilities in WebKit can be exploited remotely to execute arbitrary code; An input validation issue in SQLite can be exploited remotely to gain privileges; A memory corruption vulnerability in SQLite can be exploited to execute arbitrary code; An input validation issue in SQLite can be exploited remotely to obtain sensitive information; A memory corruption vulnerability in SQLite can be exploited to gain privileges;
Affected products	ITunes version 12.9.5
Solution	Update to the latest version Download iTunes
Original advisories	HT210124
Impacts ?	ACE [?] OSI [?] PE [?]
Related products	Apple iTunes
CVE-IDS ?	CVE-2019-86010.0Unknown CVE-2019-86280.0Unknown CVE-2019-85970.0Unknown CVE-2019-86100.0Unknown CVE-2019-86220.0Unknown CVE-2019-86070.0Unknown CVE-2019-85710.0Unknown CVE-2019-85860.0Unknown CVE-2019-85830.0Unknown CVE-2019-86110.0Unknown CVE-2019-86150.0Unknown CVE-2019-85940.0Unknown CVE-2019-85950.0Unknown CVE-2019-85840.0Unknown CVE-2019-62370.0Unknown CVE-2019-85770.0Unknown CVE-2019-86000.0Unknown CVE-2019-86230.0Unknown CVE-2019-85980.0Unknown CVE-2019-86080.0Unknown CVE-2019-86190.0Unknown CVE-2019-86020.0Unknown CVE-2019-85870.0Unknown CVE-2019-85960.0Unknown CVE-2019-86090.0Unknown CVE-2019-85820.0Unknown

KLA11489Multiple vulnerabilities in iTunes

KLA11489
Multiple vulnerabilities in iTunes