Multiple vulnerabilities in Apple iTunes

Описание

Multiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to execute arbitrary code, perform cross-site scripting attack, obtain sensitive information, bypass security restrictions and gain privileges.

Below is a complete list of vulnerabilities:

1. A type confusion vulnerability in WebKit can be exploited remotely to execute arbitrary code;
2. Multiple memory corruption vulnerabilities can be exploited remotely to execute arbitrary code;
3. Multiple logic vulnerabilities in WebKit can be exploited remotely to perform cross-site scripting attack;
4. A validation vulnerability in WebKit can be exploited remotely to obtain sensitive information;
5. A memory corruption vulnerability can be exploited loccaly to bypass security restrictions;
6. A buffer overflow vulnerability in CoreCrypto can be exploited locally to elevate privileges;
7. A cross-origin vulnerability in WebKit can be exploited locally to obtain sensitive information;

Первичный источник обнаружения

• HT209604
  

Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Связанные продукты

• Apple-iTunes

Список CVE

• CVE-2019-7285
  critical
• CVE-2019-6201
  critical
• CVE-2019-8506
  critical
• CVE-2019-8518
  critical
• CVE-2019-8563
  high
• CVE-2019-8544
  critical
• CVE-2019-8551
  warning
• CVE-2019-8535
  critical
• CVE-2019-8523
  critical
• CVE-2019-8559
  high
• CVE-2019-8558
  high
• CVE-2019-8503
  critical
• CVE-2019-8556
  high
• CVE-2019-7292
  warning
• CVE-2019-8562
  high
• CVE-2019-8524
  high
• CVE-2019-8536
  critical
• CVE-2019-8542
  high
• CVE-2019-8515
  warning
• CVE-2019-8639
  high
• CVE-2019-8638
  high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com