Lucene search

K
symantecSymantec Security ResponseSMNTC-110389
HistoryOct 08, 2019 - 12:00 a.m.

Apple macOS/iCloud for Windows/iTunes CVE-2019-8745 Buffer Overflow Vulnerability

2019-10-0800:00:00
Symantec Security Response
www.symantec.com
86

0.008 Low

EPSS

Percentile

81.8%

Description

Apple macOS/iCloud for Windows/iTunes are prone to a buffer overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. This issue has been fixed in: macOS Catalina 10.15iCloud for Windows 10.7 iCloud for Windows 7.14 iTunes 12.10.1 for Windows

Technologies Affected

  • Apple IMac
  • Apple Mac Pro
  • Apple MacBook
  • Apple MacMini
  • Apple Macbook Air
  • Apple Macbook Pro
  • Apple iCloud 6.0
  • Apple iCloud 6.0.1
  • Apple iCloud 6.1
  • Apple iCloud 6.1.1
  • Apple iCloud 6.2
  • Apple iCloud 6.2.1
  • Apple iCloud 6.2.2
  • Apple iCloud 7.0
  • Apple iCloud 7.10
  • Apple iCloud 7.11
  • Apple iCloud 7.12
  • Apple iCloud 7.2
  • Apple iCloud 7.3
  • Apple iCloud 7.4
  • Apple iCloud 7.5
  • Apple iCloud 7.6
  • Apple iCloud 7.9
  • Apple iMac Pro
  • Apple iTunes 10
  • Apple iTunes 10.0.1
  • Apple iTunes 10.1
  • Apple iTunes 10.1.1
  • Apple iTunes 10.1.1.4
  • Apple iTunes 10.1.2
  • Apple iTunes 10.2
  • Apple iTunes 10.2.2
  • Apple iTunes 10.2.2.12
  • Apple iTunes 10.3
  • Apple iTunes 10.3.1
  • Apple iTunes 10.4
  • Apple iTunes 10.4.0.80
  • Apple iTunes 10.4.1
  • Apple iTunes 10.4.1.10
  • Apple iTunes 10.5
  • Apple iTunes 10.5.1
  • Apple iTunes 10.5.1.42
  • Apple iTunes 10.5.2
  • Apple iTunes 10.5.3
  • Apple iTunes 10.6
  • Apple iTunes 10.6.1
  • Apple iTunes 10.6.1.7
  • Apple iTunes 10.6.3
  • Apple iTunes 10.7
  • Apple iTunes 11.0
  • Apple iTunes 11.0.0.163
  • Apple iTunes 11.0.1
  • Apple iTunes 11.0.2
  • Apple iTunes 11.0.3
  • Apple iTunes 11.0.4
  • Apple iTunes 11.0.5
  • Apple iTunes 11.1
  • Apple iTunes 11.1.1
  • Apple iTunes 11.1.2
  • Apple iTunes 11.1.3
  • Apple iTunes 11.1.4
  • Apple iTunes 11.1.5
  • Apple iTunes 11.2
  • Apple iTunes 11.2.1
  • Apple iTunes 12.0.1
  • Apple iTunes 12.2
  • Apple iTunes 12.3
  • Apple iTunes 12.3.1
  • Apple iTunes 12.3.2
  • Apple iTunes 12.4
  • Apple iTunes 12.4.2
  • Apple iTunes 12.5.1
  • Apple iTunes 12.5.2
  • Apple iTunes 12.5.4
  • Apple iTunes 12.5.5
  • Apple iTunes 12.6
  • Apple iTunes 12.6.2
  • Apple iTunes 12.7
  • Apple iTunes 12.7.2
  • Apple iTunes 12.7.3
  • Apple iTunes 12.7.4
  • Apple iTunes 12.7.5
  • Apple iTunes 12.8
  • Apple iTunes 12.9.2
  • Apple iTunes 12.9.3
  • Apple iTunes 12.9.4
  • Apple iTunes 12.9.5
  • Apple iTunes 4.0.0
  • Apple iTunes 4.0.1
  • Apple iTunes 4.1.0
  • Apple iTunes 4.2.0
  • Apple iTunes 4.5.0
  • Apple iTunes 4.6.0
  • Apple iTunes 4.7.0
  • Apple iTunes 4.7.1
  • Apple iTunes 4.7.2
  • Apple iTunes 4.8.0
  • Apple iTunes 4.9.0
  • Apple iTunes 5.0.0
  • Apple iTunes 5.0.1
  • Apple iTunes 6.0.0
  • Apple iTunes 6.0.1
  • Apple iTunes 6.0.2
  • Apple iTunes 6.0.3
  • Apple iTunes 6.0.4
  • Apple iTunes 6.0.5
  • Apple iTunes 7.0.0
  • Apple iTunes 7.0.1
  • Apple iTunes 7.0.2
  • Apple iTunes 7.1.0
  • Apple iTunes 7.1.1
  • Apple iTunes 7.2.0
  • Apple iTunes 7.3.0
  • Apple iTunes 7.3.1
  • Apple iTunes 7.3.2
  • Apple iTunes 7.4
  • Apple iTunes 7.4.0
  • Apple iTunes 7.4.1
  • Apple iTunes 7.4.2
  • Apple iTunes 7.4.3
  • Apple iTunes 7.5
  • Apple iTunes 7.6
  • Apple iTunes 7.6.1
  • Apple iTunes 7.6.2
  • Apple iTunes 7.7
  • Apple iTunes 7.7.1
  • Apple iTunes 8.0
  • Apple iTunes 8.0.0
  • Apple iTunes 8.0.1
  • Apple iTunes 8.0.2.20
  • Apple iTunes 8.1
  • Apple iTunes 8.2
  • Apple iTunes 9.0.0
  • Apple iTunes 9.0.1
  • Apple iTunes 9.0.2
  • Apple iTunes 9.0.3
  • Apple iTunes 9.1
  • Apple iTunes 9.1.1
  • Apple iTunes 9.2
  • Apple iTunes 9.2.1

Recommendations

Run all software as a nonprivileged user with minimal access rights.
To limit the potential damage that a successful exploit may achieve, run all nonadministrative software as a regular user with the least amount of privileges required to successfully operate.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit.

Do not accept or execute files from untrusted or unknown sources.
To reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.

Implement multiple redundant layers of security.
Various memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker’s ability to exploit this vulnerability to execute arbitrary code.

Updates are available. Please see the references or vendor advisory for more information.

References

0.008 Low

EPSS

Percentile

81.8%