Multiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface and obtain sensitive information.

Below is a complete list of vulnerabilities:

1. An out-of-bounds read vulnerability in CoreGraphics can be exploited remotely via specially crafted website to execute arbitrary code;
2. Unspecified vulnerabilities can be exploited locally to obtain sensitive information;
3. A race condition vulnerability in WebKit can be exploited remotely via specially crafted website to execute arbitrary code;
4. A type confussion vulnerability in WebKit can be exploited remotely via specially crafted website to execute arbitrary code;
5. Multiple memory corruption vulnerabilities in WebKit can be exploited remotely via specially crafted website to execute arbitrary code;
6. An unspecified vulnerability in WebKit can be exploited remotely via specially crafted website to spoof user interface;
7. A buffer overflow vulnerability in WebKit can be exploited remotely via specially crafted website to execute arbitrary code;
8. An unspecified vulnerability in WebKit can be exploited remotely via specially crafted website to obtain sensitive information;
9. An out-of-bounds read vulnerability in WebKit can be exploited remotely via specially crafted website to execute arbitrary code.

Apple iTunes earlier than 12.7.5

Update to the latest version
Download iTunes