Kaspersky LabKLA11292KLA11292 Multiple vulnerabilities in Apple iTunes
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.5%
Detect date:
07/09/2018
Severity:
Critical
Description:
Multiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, execute arbitrary code and bypass security restrictions.
Affected products:
Apple iTunes earlier than 12.8
Solution:
Update to the latest version
Download iTunes
Original advisories:
About the security content of iTunes 12.8 for Windows
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2018-42935.0Warning
CVE-2018-42704.3Warning
CVE-2018-42784.3Warning
CVE-2018-42846.8High
CVE-2018-42664.3Warning
CVE-2018-42616.8High
CVE-2018-42626.8High
CVE-2018-42636.8High
CVE-2018-42646.8High
CVE-2018-42656.8High
CVE-2018-42676.8High
CVE-2018-42726.8High
CVE-2018-42714.3Warning
CVE-2018-42734.3Warning
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4261
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4262
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4263
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4264
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4265
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4266
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4267
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4270
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4271
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4272
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4273
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4278
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4284
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4293
statistics.securelist.com/vulnerability-scan/month
support.apple.com/en-us/HT208933
threats.kaspersky.com/en/product/Apple-iTunes/
www.apple.com/itunes/download/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
81.5%