Multiple vulnerabilities in Apple iTunes

Описание

Multiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, execute arbitrary code and bypass security restrictions.

Below is a complete list of vulnerabilities:

1. An unknown vulnerability in CFNetwork can be exploited locally to obtain sensitive information;
2. Multiple memory corruption vulnerabilities in WebKit can be exploited remotely to execute arbitrary code;
3. A CORS (cross-origin resource sharing) vulnerability can be exploited remotely to bypass security restrictions;
4. A type confusion vulnerability in WebKit can be exploited remotely to execute arbitrary code;
5. A race condition vulnerability in WebKit can be exploited remotely to cause denial of service;
6. Multiple memory corruption vulnerabilities in WebKit can be exploited remotely to cause denial of service.

Первичный источник обнаружения

• About the security content of iTunes 12.8 for Windows
  

Связанные продукты

• Apple-iTunes

Список CVE

• CVE-2018-4293
  warning
• CVE-2018-4270
  warning
• CVE-2018-4278
  warning
• CVE-2018-4284
  high
• CVE-2018-4266
  warning
• CVE-2018-4261
  high
• CVE-2018-4262
  high
• CVE-2018-4263
  high
• CVE-2018-4264
  high
• CVE-2018-4265
  high
• CVE-2018-4267
  high
• CVE-2018-4272
  high
• CVE-2018-4271
  warning
• CVE-2018-4273
  warning

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com