logo
DATABASE RESOURCES PRICING ABOUT US

About the security content of iTunes 12.10.8 for Windows - Apple Support

Description

## About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page. Apple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible. For more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. ![](/library/content/dam/edam/applecare/images/en_US/mac_apps/itunes/divider.png) ## iTunes 12.10.8 for Windows Released July 30, 2020 **CoreGraphics** Available for: Windows 7 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2020-9883: an anonymous researcher, Mickey Jin of Trend Micro Entry added September 21, 2020, updated December 15, 2020 **ImageIO** Available for: Windows 7 and later Impact: Multiple buffer overflow issues existed in openEXR Description: Multiple issues in openEXR were addressed with improved checks. CVE-2020-11758: Xingwei Lin of Ant-financial Light-Year Security Lab CVE-2020-11759: Xingwei Lin of Ant-financial Light-Year Security Lab CVE-2020-11760: Xingwei Lin of Ant-financial Light-Year Security Lab CVE-2020-11761: Xingwei Lin of Ant-financial Light-Year Security Lab CVE-2020-11762: Xingwei Lin of Ant-financial Light-Year Security Lab CVE-2020-11763: Xingwei Lin of Ant-financial Light-Year Security Lab CVE-2020-11764: Xingwei Lin of Ant-financial Light-Year Security Lab CVE-2020-11765: Xingwei Lin of Ant-financial Light-Year Security Lab Entry added September 8, 2020 **ImageIO** Available for: Windows 7 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9871: Xingwei Lin of Ant-financial Light-Year Security Lab CVE-2020-9872: Xingwei Lin of Ant-financial Light-Year Security Lab CVE-2020-9874: Xingwei Lin of Ant-financial Light-Year Security Lab CVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab CVE-2020-9936: Mickey Jin of Trend Micro CVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab **ImageIO** Available for: Windows 7 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab CVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab CVE-2020-9984: an anonymous researcher Entry updated September 21, 2020 **ImageIO** Available for: Windows 7 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2020-9919: Mickey Jin of Trend Micro **ImageIO** Available for: Windows 7 and later Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-9876: Mickey Jin of Trend Micro **ImageIO** Available for: Windows 7 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-9877: Xingwei Lin of Ant-financial Light-Year Security Lab **ImageIO** Available for: Windows 7 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2020-9875: Mickey Jin of Trend Micro **WebKit** Available for: Windows 7 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative **WebKit** Available for: Windows 7 and later Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. CVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon **WebKit** Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2020-9925: an anonymous researcher **WebKit** Available for: Windows 7 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative CVE-2020-9895: Wen Xu of SSLab, Georgia Tech **WebKit** Available for: Windows 7 and later Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: Multiple issues were addressed with improved logic. CVE-2020-9910: Samuel GroƟ of Google Project Zero **WebKit Page Loading** Available for: Windows 7 and later Impact: A malicious attacker may be able to conceal the destination of a URL Description: A URL Unicode encoding issue was addressed with improved state management. CVE-2020-9916: Rakesh Mane (@RakeshMane10) **WebKit Web Inspector** Available for: Windows 7 and later Impact: Copying a URL from Web Inspector may lead to command injection Description: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. CVE-2020-9862: Ophir Lojkine (@lovasoa) ## Additional recognition **ImageIO** We would like to acknowledge Xingwei Lin of Ant-financial Light-Year Security Lab for their assistance. Entry added September 21, 2020


Affected Software


CPE Name Name Version
itunes 12.10.8

Related