Kaspersky Threats

KLA11489
Multiple vulnerabilities in iTunes

Updated: 01/24/2020

Detect date ?	05/28/2019
Severity ?	Critical
Description	Multiple vulnerabilities were found in iTunes. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: An out-of-bounds read vulnerability in WebKit can be exploited remotely to obtain sensitive information; Multiple memory corruption vulnerabilities in WebKit can be exploited remotely to execute arbitrary code; An input validation issue in SQLite can be exploited remotely to gain privileges; A memory corruption vulnerability in SQLite can be exploited to execute arbitrary code; An input validation issue in SQLite can be exploited remotely to obtain sensitive information; A memory corruption vulnerability in SQLite can be exploited to gain privileges;
Affected products	ITunes version 12.9.5
Solution	Update to the latest version Download iTunes
Original advisories	HT210124
Impacts ?	ACE [?] OSI [?] PE [?]
Related products	Apple iTunes
CVE-IDS ?	CVE-2019-86010.0Unknown CVE-2019-86280.0Unknown CVE-2019-85970.0Unknown CVE-2019-86100.0Unknown CVE-2019-86220.0Unknown CVE-2019-86070.0Unknown CVE-2019-85710.0Unknown CVE-2019-85860.0Unknown CVE-2019-85830.0Unknown CVE-2019-86110.0Unknown CVE-2019-86150.0Unknown CVE-2019-85940.0Unknown CVE-2019-85950.0Unknown CVE-2019-85840.0Unknown CVE-2019-62370.0Unknown CVE-2019-85770.0Unknown CVE-2019-86000.0Unknown CVE-2019-86230.0Unknown CVE-2019-85980.0Unknown CVE-2019-86080.0Unknown CVE-2019-86190.0Unknown CVE-2019-86020.0Unknown CVE-2019-85870.0Unknown CVE-2019-85960.0Unknown CVE-2019-86090.0Unknown CVE-2019-85820.0Unknown