Kaspersky ID:
KLA11323
Дата обнаружения:
12/09/2018
Обновлено:
22/01/2024

Описание

Multiple serious vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, bypass security restrictions, perform cross-site scripting attack, read local files.

Below is a complete list of vulnerabilities:

  1. Assert failure vulnerability in WebKit can be exploited locally to cause denial of service;
  2. Vulnerability related to SecurityErrors can be exploited locally to gain privileges;
  3. Vulnerability in WebKit can be exploited remotely via specially crafted website to execute arbitrary code;
  4. Vulnerability related to iframe elements can be exploited to bypass security restrictions;
  5. A cross-site scripting vulnerability can be exploited to execute scripts in the context of another website;
  6. Multiple memory corruption vulnerabilities can be exploited to execute arbitrary code;
  7. A cross-site scripting vulnerability can be exploited to read local files.

Первичный источник обнаружения

Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

Список CVE

  • CVE-2018-4191
    high
  • CVE-2018-4311
    high
  • CVE-2018-4316
    high
  • CVE-2018-4299
    high
  • CVE-2018-4323
    high
  • CVE-2018-4328
    high
  • CVE-2018-4358
    high
  • CVE-2018-4359
    high
  • CVE-2018-4319
    high
  • CVE-2018-4309
    warning
  • CVE-2018-4197
    high
  • CVE-2018-4306
    high
  • CVE-2018-4312
    high
  • CVE-2018-4314
    high
  • CVE-2018-4315
    high
  • CVE-2018-4317
    high
  • CVE-2018-4318
    high
  • CVE-2018-4345
    warning
  • CVE-2018-4361
    high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.