WebKit CVE-2019-8720 Memory Corruption Vulnerability

Description

WebKit is prone to a memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Versions prior to Apple iTunes for Windows 12.10.1 are vulnerable.

Technologies Affected

• Apple iTunes 10
• Apple iTunes 10.0.1
• Apple iTunes 10.1
• Apple iTunes 10.1.1
• Apple iTunes 10.1.1.4
• Apple iTunes 10.1.2
• Apple iTunes 10.2
• Apple iTunes 10.2.2
• Apple iTunes 10.2.2.12
• Apple iTunes 10.3
• Apple iTunes 10.3.1
• Apple iTunes 10.4
• Apple iTunes 10.4.0.80
• Apple iTunes 10.4.1
• Apple iTunes 10.4.1.10
• Apple iTunes 10.5
• Apple iTunes 10.5.1
• Apple iTunes 10.5.1.42
• Apple iTunes 10.5.2
• Apple iTunes 10.5.3
• Apple iTunes 10.6
• Apple iTunes 10.6.1
• Apple iTunes 10.6.1.7
• Apple iTunes 10.6.3
• Apple iTunes 10.7
• Apple iTunes 11.0
• Apple iTunes 11.0.0.163
• Apple iTunes 11.0.1
• Apple iTunes 11.0.2
• Apple iTunes 11.0.3
• Apple iTunes 11.0.4
• Apple iTunes 11.0.5
• Apple iTunes 11.1
• Apple iTunes 11.1.1
• Apple iTunes 11.1.2
• Apple iTunes 11.1.3
• Apple iTunes 11.1.4
• Apple iTunes 11.1.5
• Apple iTunes 11.2
• Apple iTunes 11.2.1
• Apple iTunes 12.0.1
• Apple iTunes 12.2
• Apple iTunes 12.3
• Apple iTunes 12.3.1
• Apple iTunes 12.3.2
• Apple iTunes 12.4
• Apple iTunes 12.4.2
• Apple iTunes 12.5.1
• Apple iTunes 12.5.2
• Apple iTunes 12.5.4
• Apple iTunes 12.5.5
• Apple iTunes 12.6
• Apple iTunes 12.6.2
• Apple iTunes 12.7
• Apple iTunes 12.7.2
• Apple iTunes 12.7.3
• Apple iTunes 12.7.4
• Apple iTunes 12.7.5
• Apple iTunes 12.8
• Apple iTunes 12.9.2
• Apple iTunes 12.9.3
• Apple iTunes 12.9.4
• Apple iTunes 12.9.5
• Apple iTunes 4.0.0
• Apple iTunes 4.0.1
• Apple iTunes 4.1.0
• Apple iTunes 4.2.0
• Apple iTunes 4.5.0
• Apple iTunes 4.6.0
• Apple iTunes 4.7.0
• Apple iTunes 4.7.1
• Apple iTunes 4.7.2
• Apple iTunes 4.8.0
• Apple iTunes 4.9.0
• Apple iTunes 5.0.0
• Apple iTunes 5.0.1
• Apple iTunes 6.0.0
• Apple iTunes 6.0.1
• Apple iTunes 6.0.2
• Apple iTunes 6.0.3
• Apple iTunes 6.0.4
• Apple iTunes 6.0.5
• Apple iTunes 7.0.0
• Apple iTunes 7.0.1
• Apple iTunes 7.0.2
• Apple iTunes 7.1.0
• Apple iTunes 7.1.1
• Apple iTunes 7.2.0
• Apple iTunes 7.3.0
• Apple iTunes 7.3.1
• Apple iTunes 7.3.2
• Apple iTunes 7.4
• Apple iTunes 7.4.0
• Apple iTunes 7.4.1
• Apple iTunes 7.4.2
• Apple iTunes 7.4.3
• Apple iTunes 7.5
• Apple iTunes 7.6
• Apple iTunes 7.6.1
• Apple iTunes 7.6.2
• Apple iTunes 7.7
• Apple iTunes 7.7.1
• Apple iTunes 8.0
• Apple iTunes 8.0.0
• Apple iTunes 8.0.1
• Apple iTunes 8.1
• Apple iTunes 8.2
• Apple iTunes 9.0.0
• Apple iTunes 9.0.1
• Apple iTunes 9.0.2
• Apple iTunes 9.0.3
• Apple iTunes 9.1
• Apple iTunes 9.1.1
• Apple iTunes 9.2
• Apple iTunes 9.2.1
• Microsoft Windows 10
• Microsoft Windows 7
• Microsoft Windows 8
• WebKit Open Source Project WebKit

Recommendations

Block external access at the network boundary, unless external parties require service.
If global access isn’t needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.

Do not accept or execute files from untrusted or unknown sources.
To reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.

Evaluate read, write, and execute permissions on all newly installed software.
To limit exposure to these and other latent vulnerabilities, evaluate setgid and setuid settings on all installed applications.

Updates are available. Please see the references or vendor advisory for more information.