KLA11281
Multiple vulnerabilities in Apple iTunes
Обновлено: 26/06/2019
Дата обнаружения
29/03/2018
Уровень угрозы
Critical
Описание

Multiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code and obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A buffer overflow vulnerability can be exploited locally to gain privileges;
  2. Multiple memory corruption vulnerabilities in WebKit can be exploited remotely via specially crafted website to execute arbitrary code;
  3. Multiple array indexing vulnerabilities in WebKit can be exploited remotely to cause denial of service;
  4. A cross-origin vulnerability can be exploited remotely to obtain sensitive information;
  5. Multiple assert failure vulnerabilities in WebKit can be exploited locally to cause denial of service.
Пораженные продукты

Apple iTunes earlier than 12.7.4

Решение

Update to latest version
Download iTunes

Первичный источник обнаружения
About the security content of iTunes 12.7.4 for Windows
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

SB 
[?]

WLF 
[?]

PE 
[?]

SUI 
[?]
Связанные продукты
Apple iTunes
CVE-IDS