
KLA10721 Multiple vulnerabilities in Apple iTunes

2015-12-12 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

AI Score: 8.3 High (Confidence: Low)

EPSS: 0.008 Low (Percentile: 81.4%)

Multiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. Multiple memory corruption issues could be exploited remotely via a specially designed web site to cause denial of service or execute arbitrary code;
  2. Lack of input validation can be exploited remotely via a specially designed web site to obtain sensitive data about browsing history.

Original advisories

Apple security bulletin

Related products

Apple-iTunes

CVE list

CVE-2015-7048 high

CVE-2015-7101 high

CVE-2015-7100 high

CVE-2015-7050 warning

CVE-2015-7102 high

CVE-2015-7103 high

CVE-2015-7104 high

CVE-2015-7095 high

CVE-2015-7097 high

CVE-2015-7096 high

CVE-2015-7099 high

CVE-2015-7098 high

Solution

Update to the latest version

Get iTunes

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute arbitrary code or commands on the vulnerable machine or in the vulnerable process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information that is critical to the user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

Affected Products

  • Apple iTunes versions earlier than 12.3.2
