Kaspersky Threats

Detect date

?

05/28/2019

Severity

?

Critical

Description

Multiple vulnerabilities were found in iTunes. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges.

Below is a complete list of vulnerabilities:

An out-of-bounds read vulnerability in WebKit can be exploited remotely to obtain sensitive information;
Multiple memory corruption vulnerabilities in WebKit can be exploited remotely to execute arbitrary code;
An input validation issue in SQLite can be exploited remotely to gain privileges;
A memory corruption vulnerability in SQLite can be exploited to execute arbitrary code;
An input validation issue in SQLite can be exploited remotely to obtain sensitive information;
A memory corruption vulnerability in SQLite can be exploited to gain privileges;

Affected products

ITunes version 12.9.5

Solution

Update to the latest version
Download iTunes

Original advisories

HT210124

Impacts

?

ACE

[?]

OSI

[?]

PE

[?]

Related products

Apple iTunes

CVE-IDS

?

CVE-2019-86016.8High
CVE-2019-86286.8High
CVE-2019-85974.3Warning
CVE-2019-86106.8High
CVE-2019-86226.8High
CVE-2019-86074.3Warning
CVE-2019-85716.8High
CVE-2019-85866.8High
CVE-2019-85836.8High
CVE-2019-86116.8High
CVE-2019-86154.3Warning
CVE-2019-85946.8High
CVE-2019-85956.8High
CVE-2019-85846.8High
CVE-2019-62376.8High
CVE-2019-85776.8High
CVE-2019-86007.5Critical
CVE-2019-86236.8High
CVE-2019-85984.3Warning
CVE-2019-86086.8High
CVE-2019-86196.8High
CVE-2019-86026.8High
CVE-2019-85876.8High
CVE-2019-85966.8High
CVE-2019-86096.8High
CVE-2019-85820.0Unknown

Find out the statistics of the vulnerabilities spreading in your region

Detect date ?	05/28/2019
Severity ?	Critical
Description	Multiple vulnerabilities were found in iTunes. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: An out-of-bounds read vulnerability in WebKit can be exploited remotely to obtain sensitive information; Multiple memory corruption vulnerabilities in WebKit can be exploited remotely to execute arbitrary code; An input validation issue in SQLite can be exploited remotely to gain privileges; A memory corruption vulnerability in SQLite can be exploited to execute arbitrary code; An input validation issue in SQLite can be exploited remotely to obtain sensitive information; A memory corruption vulnerability in SQLite can be exploited to gain privileges;
Affected products	ITunes version 12.9.5
Solution	Update to the latest version Download iTunes
Original advisories	HT210124
Impacts ?	ACE [?] OSI [?] PE [?]
Related products	Apple iTunes
CVE-IDS ?	CVE-2019-86016.8High CVE-2019-86286.8High CVE-2019-85974.3Warning CVE-2019-86106.8High CVE-2019-86226.8High CVE-2019-86074.3Warning CVE-2019-85716.8High CVE-2019-85866.8High CVE-2019-85836.8High CVE-2019-86116.8High CVE-2019-86154.3Warning CVE-2019-85946.8High CVE-2019-85956.8High CVE-2019-85846.8High CVE-2019-62376.8High CVE-2019-85776.8High CVE-2019-86007.5Critical CVE-2019-86236.8High CVE-2019-85984.3Warning CVE-2019-86086.8High CVE-2019-86196.8High CVE-2019-86026.8High CVE-2019-85876.8High CVE-2019-85966.8High CVE-2019-86096.8High CVE-2019-85820.0Unknown
	Find out the statistics of the vulnerabilities spreading in your region

KLA11489Multiple vulnerabilities in iTunes

KLA11489
Multiple vulnerabilities in iTunes