Kaspersky LabKLA11075KLA11075 Multiple vulnerabilities in Apple iTunes
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.085 Low
EPSS
Percentile
94.3%
Detect date:
07/19/2017
Severity:
Critical
Description:
Multiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information.
Affected products:
Apple iTunes versions earlier than 12.6.2
Solution:
Update to the latest version
Download iTunes
Original advisories:
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2017-70419.3Critical
CVE-2017-70429.3Critical
CVE-2017-70436.8High
CVE-2017-70466.8High
CVE-2017-70486.8High
CVE-2017-70496.8High
CVE-2017-70526.8High
CVE-2017-70539.3Critical
CVE-2017-70556.8High
CVE-2017-70566.8High
CVE-2017-70616.8High
CVE-2017-70644.3Warning
CVE-2017-70106.8High
CVE-2017-70126.8High
CVE-2017-70136.8High
CVE-2017-70186.8High
CVE-2017-70196.8High
CVE-2017-70206.8High
CVE-2017-70306.8High
CVE-2017-70346.8High
CVE-2017-70376.8High
CVE-2017-70396.8High
CVE-2017-70406.8High
Exploitation:
Public exploits exist for this vulnerability.
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7010
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7013
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7018
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7019
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7020
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7030
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7034
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7037
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7039
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7040
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7041
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7042
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7043
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7046
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7048
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7052
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7055
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7056
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7061
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7064
statistics.securelist.com/vulnerability-scan/month
support.apple.com/en-us/HT207928
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Apple-iTunes/
www.apple.com/itunes/download/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.085 Low
EPSS
Percentile
94.3%