Lucene search

Kaspersky LabKLA11384

HistoryDec 12, 2018 - 12:00 a.m.

KLA11384 Multiple vulnerabilities in Apple iTunes

2018-12-1200:00:00

Kaspersky Lab

threats.kaspersky.com

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

Low

0.903 High

EPSS

Percentile

98.8%

JSON

Multiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code.

Below is a complete list of vulnerabilities:

Multiple vulnerabilities can be exploited remotely to spoof user interface;
Multiple memory corruption vulnerabilities can be exploited remotely to execute arbitrary code;

Original advisories

About the security content of iTunes 12.9.2 for Windows

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Apple-iTunes

CVE list

CVE-2018-4440 warning

CVE-2018-4439 warning

CVE-2018-4437 high

CVE-2018-4464 high

CVE-2018-4441 high

CVE-2018-4442 high

CVE-2018-4443 high

CVE-2018-4438 high

Solution

Update to the latest version

Download iTunes

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.