Multiple vulnerabilities in Apple iTunes

Описание

Multiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges, execute arbitrary code, perform cross-site scripting attack.

Below is a complete list of vulnerabilities:

1. A memory corruption vulnerability in AppleKeyStore can be exploited to bypass security restrictions;
2. An out-of-bounds read vulnerability in Core Media can be exploited to gain privileges;
3. Multiple memory corruption vulnerabilities in SQLite can be exploited remotely to execute arbitrary code;
4. A type confusion vulnerability in WebKit can be exploited remotely to execute arbitrary code;
5. Multiple memory corruption vulnerabilities in WebKit can be exploited remotely to execute arbitrary code;
6. A logic issue in WebKit can be exploited remotely to perform cross-site scripting attacks.

Первичный источник обнаружения

• About the security content of iTunes 12.9.3 for Windows
  

Эксплуатация

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Apple-iTunes

Список CVE

• CVE-2019-6235
  critical
• CVE-2019-6221
  high
• CVE-2018-20346
  high
• CVE-2018-20505
  warning
• CVE-2018-20506
  high
• CVE-2019-6215
  high
• CVE-2019-6212
  high
• CVE-2019-6216
  high
• CVE-2019-6217
  high
• CVE-2019-6226
  high
• CVE-2019-6227
  high
• CVE-2019-6233
  high
• CVE-2019-6234
  high
• CVE-2019-6229
  warning

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com