Kaspersky LabKLA11602KLA11602 Multiple vulnerabilities in Apple iTunes
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.793 High
EPSS
Percentile
98.2%
Detect date:
10/30/2019
Severity:
Critical
Description:
Multiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to execute arbitrary code, perform cross-site scripting attack, cause denial of service.
Exploitation:
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products:
Apple iTunes earlier than 12.10.2
Solution:
Update to the latest version
Download iTunes
Original advisories:
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2019-88159.3Critical
CVE-2019-87826.8High
CVE-2019-88226.8High
CVE-2019-88236.8High
CVE-2019-88086.8High
CVE-2019-87836.8High
CVE-2019-88116.8High
CVE-2019-88134.3Warning
CVE-2019-88126.8High
CVE-2019-88149.3Critical
CVE-2019-88196.8High
CVE-2019-88169.3Critical
CVE-2019-88014.4Warning
CVE-2019-87849.3Critical
CVE-2019-88206.8High
CVE-2019-88216.8High
CVE-2019-88274.3Warning
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8782
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8783
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8784
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8801
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8808
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8811
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8812
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8813
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8814
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8815
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8816
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8819
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8820
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8821
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8822
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8823
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8827
statistics.securelist.com/vulnerability-scan/month
support.apple.com/kb/HT210726
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Apple-iTunes/
www.apple.com/itunes/download/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.793 High
EPSS
Percentile
98.2%