Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11281
HistoryMar 29, 2018 - 12:00 a.m.

KLA11281 Multiple vulnerabilities in Apple iTunes

2018-03-2900:00:00
Kaspersky Lab
threats.kaspersky.com
24

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.15 Low

EPSS

Percentile

95.7%

JSON

Detect date:

03/29/2018

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code and obtain sensitive information.

Affected products:

Apple iTunes earlier than 12.7.4

Solution:

Update to latest version
Download iTunes

Original advisories:

About the security content of iTunes 12.7.4 for Windows

Impacts:

ACE

Related products:

Apple iTunes

CVE-IDS:

CVE-2018-41134.3Warning
CVE-2018-41146.8High
CVE-2018-41174.3Warning
CVE-2018-41186.8High
CVE-2018-41196.8High
CVE-2018-41206.8High
CVE-2018-41216.8High
CVE-2018-41226.8High
CVE-2018-41256.8High
CVE-2018-41276.8High
CVE-2018-41286.8High
CVE-2018-41296.8High
CVE-2018-41306.8High
CVE-2018-42076.8High
CVE-2018-42086.8High
CVE-2018-42096.8High
CVE-2018-42106.8High
CVE-2018-42126.8High
CVE-2018-42136.8High
CVE-2018-41449.3Critical
CVE-2018-41464.3Warning
CVE-2018-41616.8High
CVE-2018-41626.8High
CVE-2018-41636.8High
CVE-2018-41656.8High
CVE-2018-41016.8High

Exploitation:

Public exploits exist for this vulnerability.

References

Related

apple 12
openvas 20
nessus 24
mageia 2
ubuntu 2
suse 5
gentoo 3
ubuntucve 25
zdt 3
redhatcve 2
debiancve 24
prion 26
cve 26
zdi 9
veracode 1
packetstorm 1
metasploit 1
googleprojectzero 2
myhack58 1
redhat 2
centos 1
debian 2
kaspersky 1
fedora 1
osv 1
freebsd 1
chrome 1
apple
apple
About the security content of iTunes 12.7.4 for Windows
2018-03-29 00:00:00
About the security content of iTunes 12.7.4 for Windows - Apple Support
2018-05-02 05:10:03
About the security content of iCloud for Windows 7.4
2018-03-29 00:00:00
openvas
openvas
Apple iTunes Security Updates (HT208694) - Windows
2018-04-02 00:00:00
Apple iCloud Security Updates (HT208697) - Windows
2018-04-02 00:00:00
Ubuntu: Security Advisory (USN-3635-1)
2018-05-01 00:00:00
nessus
nessus
Apple iTunes < 12.7.3 WebKit Multiple Vulnerabilities (uncredentialed check)
2018-04-03 00:00:00
Apple iTunes < 12.7.4 WebKit Multiple Vulnerabilities (credentialed check)
2018-04-03 00:00:00
Ubuntu 16.04 LTS : WebKitGTK+ vulnerabilities (USN-3635-1)
2018-05-01 00:00:00
mageia
mageia
Updated webkit2 packages fix security vulnerabilities
2018-04-30 22:08:07
Updated chromium-browser-stable packages fix security vulnerabilities
2018-08-18 01:27:23
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2018-04-30 00:00:00
WebKitGTK+ vulnerabilities
2018-10-03 00:00:00
suse
suse
Security update for webkit2gtk3 (moderate)
2018-10-26 00:11:58
Security update for webkit2gtk3 (important)
2019-01-23 00:00:00
Security update for webkit2gtk3 (important)
2019-01-21 00:00:00
gentoo
gentoo
WebkitGTK+: Multiple vulnerabilities
2018-08-22 00:00:00
WebkitGTK+: Multiple vulnerabilities
2018-12-02 00:00:00
Chromium, Google Chrome: Multiple vulnerabilities
2018-08-22 00:00:00
ubuntucve
ubuntucve
CVE-2018-4118
2018-04-03 00:00:00
CVE-2018-4119
2018-04-03 00:00:00
CVE-2018-4121
2018-04-03 00:00:00
zdt
zdt
WebKit - WebAssembly Parsing Does not Correctly Check Section Order Vulnerability
2018-04-09 00:00:00
Safari Webkit For iOS 7.1.2 JIT Optimization Bug Exploit
2020-08-15 00:00:00
WebKitGTK+ Memory Corruption / Code Execution Vulnerability
2018-05-09 00:00:00
redhatcve
redhatcve
CVE-2018-4121
2018-05-12 09:23:36
CVE-2018-4117
2018-07-25 06:59:08
debiancve
debiancve
CVE-2018-4118
2018-04-03 06:29:00
CVE-2018-4119
2018-04-03 06:29:00
CVE-2018-4120
2018-04-03 06:29:00
prion
prion
Memory corruption
2018-04-03 06:29:00
Memory corruption
2018-04-03 06:29:00
Memory corruption
2018-04-03 06:29:00
cve
cve
CVE-2018-4118
2018-04-03 06:29:00
CVE-2018-4146
2018-04-03 06:29:00
CVE-2018-4119
2018-04-03 06:29:00
zdi
zdi
Apple Safari RenderObject Use-After-Free Remote Code Execution Vulnerability
2018-04-06 00:00:00
Apple Safari Math floor Type Confusion Remote Code Execution Vulnerability
2018-04-06 00:00:00
Apple Safari Math abs Type Confusion Remote Code Execution Vulnerability
2018-04-06 00:00:00
veracode
veracode
Information Disclosure
2020-09-21 06:38:09
packetstorm
packetstorm
Safari Webkit For iOS 7.1.2 JIT Optimization Bug
2020-08-14 00:00:00
metasploit
metasploit
Safari Webkit JIT Exploit for iOS 7.1.2
2020-07-27 07:05:31
googleprojectzero
googleprojectzero
The Problems and Promise of WebAssembly
2018-08-16 00:00:00
JSC Exploits
2019-08-29 00:00:00
myhack58
myhack58
In-depth exploration found in the wild iOS exploit chain VI-vulnerability warning-the black bar safety net
2019-09-17 00:00:00
redhat
redhat
(RHSA-2018:3140) Moderate: GNOME security, bug fix, and enhancement update
2018-10-30 04:22:45
(RHSA-2018:2282) Important: chromium-browser security update
2018-07-30 13:26:38
centos
centos
PackageKit, accountsservice, adwaita, appstream, at, atk, baobab, bolt, brasero, cairo, cheese, clutter, compat, control, dconf, devhelp, ekiga, empathy, eog, evince, evolution, file, flatpak, folks, fontconfig, freetype, fribidi, fwupd, fwupdate, gcr, gdk, gdm, gedit, geoclue2, geocode, gjs, glade, glib, glib2, glibmm24, gnome, gnote, gobject, gom, google, grilo, gsettings, gspell, gssdp, gstreamer1, gtk, gtk3, gtksourceview3, gucharmap, gupnp, gvfs, harfbuzz, json, libappstream, libchamplain, libcroco, libgdata, libgee, libgepub, libgexiv2, libgnomekbd, libgovirt, libgtop2, libgweather, libgxps, libical, libmediaart, libosinfo, libpeas, librsvg2, libsecret, libsoup, libwayland, libwnck3, mozjs52, mutter, nautilus, openchange, osinfo, pango, poppler, python2, rest, rhythmbox, seahorse, shotwell, sushi, totem, upower, vala, valadoc, vino, vte, vte291, wayland, webkitgtk4, xdg, yelp, zenity security update
2018-11-15 18:43:07
debian
debian
[SECURITY] [DSA 4256-1] chromium-browser security update
2018-07-27 05:15:51
[SECURITY] [DSA 4256-1] chromium-browser security update
2018-07-27 05:15:51
kaspersky
kaspersky
KLA11298 Multiple vulnerabilities in Google Chrome
2018-07-24 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: chromium-68.0.3440.106-3.fc28
2018-08-26 17:41:43
osv
osv
chromium-browser - security update
2018-07-26 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2018-07-24 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2018-07-24 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.15 Low

EPSS

Percentile

95.7%

JSON
Related for KLA11281
apple12openvas20nessus24mageia2ubuntu2suse5gentoo3ubuntucve25zdt3redhatcve2debiancve24prion26cve26zdi9veracode1packetstorm1metasploit1googleprojectzero2myhack581redhat2centos1debian2kaspersky1fedora1osv1freebsd1chrome1