
KLA10620 Multiple vulnerabilities in Apple iTunes

2015-06-30 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 7.5 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score: 8.3 High (Confidence: Low)

EPSS: 0.043 Low (Percentile: 92.4%)

Multiple memory corruption vulnerabilities were found in Apple iTunes. By exploiting these vulnerabilities, malicious users can cause denial of service or execute arbitrary code. These vulnerabilities can be exploited remotely via a man-in-the-middle attack, through vectors related to iTunes Store browsing.

Original advisories

Apple advisory

Related products

Apple-iTunes

CVE list

CVE-2015-1083 high

CVE-2015-1082 high

CVE-2015-1070 high

CVE-2015-1079 high

CVE-2015-1078 high

CVE-2015-1081 high

CVE-2015-1080 high

CVE-2015-1077 high

CVE-2015-1076 high

CVE-2015-1075 high

CVE-2015-1074 high

CVE-2015-1071 high

CVE-2015-1072 high

CVE-2015-1069 high

CVE-2015-1068 high

CVE-2015-1073 high

CVE-2014-4476 high

CVE-2014-4477 high

CVE-2014-4474 high

CVE-2014-4475 high

CVE-2014-4472 high

CVE-2014-4473 high

CVE-2014-4470 high

CVE-2014-4471 high

CVE-2014-4479 high

CVE-2014-4459 high

CVE-2015-1119 high

CVE-2014-4466 critical

CVE-2015-1122 high

CVE-2015-1121 high

CVE-2015-1120 high

CVE-2015-1124 high

CVE-2014-3192 critical

CVE-2014-4468 high

CVE-2014-4469 high

CVE-2014-4452 high

CVE-2015-1152 high

CVE-2015-1154 high

CVE-2015-1153 high

Solution

Update to the latest version

Get Apple iTunes

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an abuser to execute any code or commands on the vulnerable machine or in the vulnerable process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an abuser to capture information that is critical for the user or the system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • RLF

Read Local Files. Exploitation of vulnerabilities with this impact can lead to reading some otherwise inaccessible files. Which files can be read depends on the concrete program errors.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that beguile the user into inaccurate behavior.

Affected Products

  • Apple iTunes versions earlier than 12.2
