Multiple vulnerabilities in Apple iTunes

Описание

Multiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, bypass security restrictions.

Below is a complete list of vulnerabilities:

1. Multiple memory corruption vulnerabilities in WebKit can be exploited to execute arbitrary code.
2. A buffer overflow vulnerability in libxml2 can be exploited to execute arbitrary code.
3. An out-of-bounds vulnerability in ImageIO can be exploited to execute arbitrary code.
4. Multiple memory corruption vulnerabilities in WebKit Page Loading can be exploited to execute arbitrary code.
5. A logic vulnerability in WebKit can be exploited to perform cross-site scripting attacks.
6. A memory handling vulnerability in WebKit can be exploited to cause a denial of service
7. A security vulnerability in Mobile Device Service can be exploited to bypass security restrictions.
8. A DOM object context vulnerability in WebKit Page Loading can be exploited to bypass security restrictions.

Первичный источник обнаружения

• HT210923
  

Связанные продукты

• Apple-iTunes

Список CVE

• CVE-2020-3868
  critical
• CVE-2020-3846
  high
• CVE-2020-3826
  high
• CVE-2020-3865
  high
• CVE-2020-3825
  high
• CVE-2020-3867
  warning
• CVE-2020-3862
  warning
• CVE-2020-3861
  warning
• CVE-2020-3864
  high

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com