Multiple vulnerabilities in Apple iTunes

Описание

Multiple serious vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service and perform cross-site scripting attack.

Below is a complete list of vulnerabilities:

1. A memory corruption vulnerability in ICU can be exploited remotely to cause denial of service and possibly to execute arbitrary code;
2. Multiple vulnerabilities in Safari Reader feature can be exploited remotely to perform cross-site scripting attack;
3. A resource exhaustion vulnerability in WebKit can be exploited remotely to cause denial of service;
4. Multiple memory corruption vulnerabilities in WebKit can be exploited remotely via malicious website to execute arbitrary code.

Первичный источник обнаружения

• About the security content of iTunes 12.9.1
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Apple-iTunes

Список CVE

• CVE-2018-4398
  critical
• CVE-2018-4394
  critical
• CVE-2018-4374
  high
• CVE-2018-4377
  high
• CVE-2018-4409
  high
• CVE-2018-4378
  critical
• CVE-2018-4372
  critical
• CVE-2018-4373
  critical
• CVE-2018-4375
  critical
• CVE-2018-4376
  critical
• CVE-2018-4382
  critical
• CVE-2018-4386
  critical
• CVE-2018-4392
  critical
• CVE-2018-4416
  critical

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com