Multiple vulnerabilities in Apple iTunes

Описание

Multiple serious vulnerabilities have been found in iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities

1. Multiple memory corruptions at CoreText, WebKit and ICU can be exploited remotely via an unknown vectors to cause denial of service or execute arbitrary code;
2. Improper library loading at Microsoft Visual C++ Redistributable Package can be exploited remotely via a specially designed media file to cause denial of service;
3. Improper network connection handling can be exploited remotely via an unknown vectors to obtain sensitive information.

---

Technical details

(3) can be exploited to obtain encrypted SMB credentials.

Первичный источник обнаружения

• Apple advisory
  

Эксплуатация

Public exploits exist for this vulnerability.

Связанные продукты

• Apple-iTunes

Список CVE

• CVE-2015-1152
  high
• CVE-2015-1153
  high
• CVE-2015-3741
  high
• CVE-2015-3746
  high
• CVE-2015-3743
  high
• CVE-2015-5755
  high
• CVE-2015-3688
  high
• CVE-2015-1205
  critical
• CVE-2015-3747
  high
• CVE-2015-3744
  high
• CVE-2015-5806
  high
• CVE-2015-3734
  high
• CVE-2015-3748
  high
• CVE-2015-3742
  high
• CVE-2015-3738
  high
• CVE-2015-3740
  high
• CVE-2015-3733
  high
• CVE-2015-5822
  high
• CVE-2015-5803
  high
• CVE-2015-5823
  high
• CVE-2015-5804
  high
• CVE-2015-5797
  high
• CVE-2015-5796
  high
• CVE-2015-1157
  critical
• CVE-2015-3745
  high
• CVE-2015-5790
  high
• CVE-2015-5810
  high
• CVE-2015-5811
  high
• CVE-2015-5795
  high
• CVE-2015-5794
  high
• CVE-2015-5793
  high
• CVE-2015-5792
  high
• CVE-2015-5920
  warning
• CVE-2015-5805
  high
• CVE-2015-3730
  high
• CVE-2015-5761
  high
• CVE-2015-5813
  high
• CVE-2015-5812
  high
• CVE-2015-5791
  high
• CVE-2015-5789
  high
• CVE-2015-5814
  high
• CVE-2015-5819
  high
• CVE-2015-5799
  high
• CVE-2015-3686
  high
• CVE-2015-3687
  high
• CVE-2015-5815
  high
• CVE-2015-5807
  high
• CVE-2015-5817
  high
• CVE-2015-5816
  high
• CVE-2015-3735
  high
• CVE-2015-3736
  high
• CVE-2015-5801
  high
• CVE-2015-5802
  high
• CVE-2015-5798
  high
• CVE-2015-5808
  high
• CVE-2015-5818
  high
• CVE-2015-3749
  high
• CVE-2015-3737
  high
• CVE-2015-3731
  high
• CVE-2015-3739
  high
• CVE-2014-8146
  critical
• CVE-2010-3190
  critical
• CVE-2015-5800
  high
• CVE-2015-5821
  high
• CVE-2015-5874
  critical
• CVE-2015-5809
  high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com