7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.3 High
AI Score
Confidence
Low
0.043 Low
EPSS
Percentile
92.4%
Multiple memory corruption vulnerabilities were found in Apple iTunes. By exploiting these vulnerabilities malicious users can cause denial of service or execute arbitrary code. These vulnerabilities can be exploited remotely via a man-in-the-middle attack at vectors related to iTunes Store browsing.
CVE-2015-1083 high
CVE-2015-1082 high
CVE-2015-1070 high
CVE-2015-1079 high
CVE-2015-1078 high
CVE-2015-1081 high
CVE-2015-1080 high
CVE-2015-1077 high
CVE-2015-1076 high
CVE-2015-1075 high
CVE-2015-1074 high
CVE-2015-1071 high
CVE-2015-1072 high
CVE-2015-1069 high
CVE-2015-1068 high
CVE-2015-1073 high
CVE-2014-4476 high
CVE-2014-4477 high
CVE-2014-4474 high
CVE-2014-4475 high
CVE-2014-4472 high
CVE-2014-4473 high
CVE-2014-4470 high
CVE-2014-4471 high
CVE-2014-4479 high
CVE-2014-4459 high
CVE-2015-1119 high
CVE-2014-4466 critical
CVE-2015-1122 high
CVE-2015-1121 high
CVE-2015-1120 high
CVE-2015-1124 high
CVE-2014-3192 critical
CVE-2014-4468 high
CVE-2014-4469 high
CVE-2014-4452 high
CVE-2015-1152 high
CVE-2015-1154 high
CVE-2015-1153 high
Update to the latest version
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Read Local Files. Exploitation of vulnerabilities with this impact can lead to reading some inaccessible files. Files that can be read depends on conΡrete program errors.
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.