Multiple vulnerabilities at Apple iTunes

Описание

Multiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service.

Below is a complete list of vulnerabilities

1. Multiple memory corruptions at WebKit can be exploited via iTunes Store manipulations;
2. Multiple memory corruptions can be exploited via vectors related to CoreText.

---

Technical details

(1) can be triggered via man-in-the-middle attack while browsing iTunes Store.

(2) caused by improper memory handling while text files processing.

Первичный источник обнаружения

• Apple advisory
  

Связанные продукты

• Apple-iTunes

Список CVE

• CVE-2015-7012
  high
• CVE-2015-7011
  high
• CVE-2015-7017
  high
• CVE-2015-7014
  high
• CVE-2015-6975
  high
• CVE-2015-6992
  high
• CVE-2015-7013
  high
• CVE-2015-5931
  high
• CVE-2015-7002
  high
• CVE-2015-5929
  high
• CVE-2015-5930
  high
• CVE-2015-5928
  high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com