Lucene search

K
kasperskyKaspersky LabKLA12486
HistoryMar 08, 2022 - 12:00 a.m.

KLA12486 Multiple vulnerabilities in Apple iTunes

2022-03-0800:00:00
Kaspersky Lab
threats.kaspersky.com
42

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.004

Percentile

72.9%

Multiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A code execution vulnerability in ImageIO can be exploited via special crafted image to execute arbitrary code.
  2. A memory corruption vulnerability in ImageIO can be exploited via special crafted image to execute arbitrary code.
  3. A cookie management in WebKit can be exploited via special web content to obtain sensitive information.
  4. A buffer overflow vulnerability in WebKit can be exploited via special web content to execute arbitrary code.

Original advisories

About the security content of iTunes 12.12.3 for Windows

Related products

Apple-iTunes

CVE list

CVE-2022-22611 critical

CVE-2022-22612 critical

CVE-2022-22629 critical

CVE-2022-22662 high

Solution

Update to the latest version

Download iTunes

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Affected Products

  • Apple iTunes earlier than 12.12.3

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.004

Percentile

72.9%