Versions of iTunes prior to 12.6 are affected by multiple vulnerabilities :
- A use-after-free condition exists that is triggered when handling RenderBox objects. With specially crafted web content, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (CVE-2017-2463)
- A flaw exists that allows a universal cross-site scripting (UXSS) attack. This flaw exists because the ‘notifyChildNodeRemoved()’ function in ‘WebCore/dom/ContainerNodeAlgorithms.cpp’ executes script code synchronously. This may allow a context-dependent attacker to create a specially crafted web page that executes arbitrary script code in a user’s browser session within the trust relationship between their browser and any server. (CVE-2017-2479)
- A flaw exists that allows a UXSS attack. This flaw exists because the program does not properly revalidates the ‘SubframeLoader::requestFrame()’ function in ‘WebCore/loader/SubframeLoader.cpp’. This may allow a context-dependent attacker to create a specially crafted web page that executes arbitrary script code in a user’s browser session within the trust relationship between their browser and any server. (CVE-2017-2480)