Kaspersky LabKLA11651KLA11651 Multiple vulnerabilities in Apple iTunes
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
79.4%
Multiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, bypass security restrictions.
Below is a complete list of vulnerabilities:
- Multiple memory corruption vulnerabilities in WebKit can be exploited to execute arbitrary code.
- A buffer overflow vulnerability in libxml2 can be exploited to execute arbitrary code.
- An out-of-bounds vulnerability in ImageIO can be exploited to execute arbitrary code.
- Multiple memory corruption vulnerabilities in WebKit Page Loading can be exploited to execute arbitrary code.
- A logic vulnerability in WebKit can be exploited to perform cross-site scripting attacks.
- A memory handling vulnerability in WebKit can be exploited to cause a denial of service
- A security vulnerability in Mobile Device Service can be exploited to bypass security restrictions.
- A DOM object context vulnerability in WebKit Page Loading can be exploited to bypass security restrictions.
Original advisories
Related products
CVE list
CVE-2020-3868 critical
CVE-2020-3846 high
CVE-2020-3826 high
CVE-2020-3865 high
CVE-2020-3825 high
CVE-2020-3867 warning
CVE-2020-3862 warning
CVE-2020-3861 warning
CVE-2020-3864 high
Solution
Update to the latest version
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
- XSS/CSS
Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.
Affected Products
- Apple iTunes earlier than 12.10.4
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
79.4%