Lucene search

Symantec Security ResponseSMNTC-110389

HistoryOct 08, 2019 - 12:00 a.m.

Apple macOS/iCloud for Windows/iTunes CVE-2019-8745 Buffer Overflow Vulnerability

2019-10-0800:00:00

Symantec Security Response

www.symantec.com

0.008 Low

EPSS

Percentile

81.8%

JSON

Description

Apple macOS/iCloud for Windows/iTunes are prone to a buffer overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. This issue has been fixed in: macOS Catalina 10.15iCloud for Windows 10.7 iCloud for Windows 7.14 iTunes 12.10.1 for Windows

Technologies Affected

Apple IMac
Apple Mac Pro
Apple MacBook
Apple MacMini
Apple Macbook Air
Apple Macbook Pro
Apple iCloud 6.0
Apple iCloud 6.0.1
Apple iCloud 6.1
Apple iCloud 6.1.1
Apple iCloud 6.2
Apple iCloud 6.2.1
Apple iCloud 6.2.2
Apple iCloud 7.0
Apple iCloud 7.10
Apple iCloud 7.11
Apple iCloud 7.12
Apple iCloud 7.2
Apple iCloud 7.3
Apple iCloud 7.4
Apple iCloud 7.5
Apple iCloud 7.6
Apple iCloud 7.9
Apple iMac Pro
Apple iTunes 10
Apple iTunes 10.0.1
Apple iTunes 10.1
Apple iTunes 10.1.1
Apple iTunes 10.1.1.4
Apple iTunes 10.1.2
Apple iTunes 10.2
Apple iTunes 10.2.2
Apple iTunes 10.2.2.12
Apple iTunes 10.3
Apple iTunes 10.3.1
Apple iTunes 10.4
Apple iTunes 10.4.0.80
Apple iTunes 10.4.1
Apple iTunes 10.4.1.10
Apple iTunes 10.5
Apple iTunes 10.5.1
Apple iTunes 10.5.1.42
Apple iTunes 10.5.2
Apple iTunes 10.5.3
Apple iTunes 10.6
Apple iTunes 10.6.1
Apple iTunes 10.6.1.7
Apple iTunes 10.6.3
Apple iTunes 10.7
Apple iTunes 11.0
Apple iTunes 11.0.0.163
Apple iTunes 11.0.1
Apple iTunes 11.0.2
Apple iTunes 11.0.3
Apple iTunes 11.0.4
Apple iTunes 11.0.5
Apple iTunes 11.1
Apple iTunes 11.1.1
Apple iTunes 11.1.2
Apple iTunes 11.1.3
Apple iTunes 11.1.4
Apple iTunes 11.1.5
Apple iTunes 11.2
Apple iTunes 11.2.1
Apple iTunes 12.0.1
Apple iTunes 12.2
Apple iTunes 12.3
Apple iTunes 12.3.1
Apple iTunes 12.3.2
Apple iTunes 12.4
Apple iTunes 12.4.2
Apple iTunes 12.5.1
Apple iTunes 12.5.2
Apple iTunes 12.5.4
Apple iTunes 12.5.5
Apple iTunes 12.6
Apple iTunes 12.6.2
Apple iTunes 12.7
Apple iTunes 12.7.2
Apple iTunes 12.7.3
Apple iTunes 12.7.4
Apple iTunes 12.7.5
Apple iTunes 12.8
Apple iTunes 12.9.2
Apple iTunes 12.9.3
Apple iTunes 12.9.4
Apple iTunes 12.9.5
Apple iTunes 4.0.0
Apple iTunes 4.0.1
Apple iTunes 4.1.0
Apple iTunes 4.2.0
Apple iTunes 4.5.0
Apple iTunes 4.6.0
Apple iTunes 4.7.0
Apple iTunes 4.7.1
Apple iTunes 4.7.2
Apple iTunes 4.8.0
Apple iTunes 4.9.0
Apple iTunes 5.0.0
Apple iTunes 5.0.1
Apple iTunes 6.0.0
Apple iTunes 6.0.1
Apple iTunes 6.0.2
Apple iTunes 6.0.3
Apple iTunes 6.0.4
Apple iTunes 6.0.5
Apple iTunes 7.0.0
Apple iTunes 7.0.1
Apple iTunes 7.0.2
Apple iTunes 7.1.0
Apple iTunes 7.1.1
Apple iTunes 7.2.0
Apple iTunes 7.3.0
Apple iTunes 7.3.1
Apple iTunes 7.3.2
Apple iTunes 7.4
Apple iTunes 7.4.0
Apple iTunes 7.4.1
Apple iTunes 7.4.2
Apple iTunes 7.4.3
Apple iTunes 7.5
Apple iTunes 7.6
Apple iTunes 7.6.1
Apple iTunes 7.6.2
Apple iTunes 7.7
Apple iTunes 7.7.1
Apple iTunes 8.0
Apple iTunes 8.0.0
Apple iTunes 8.0.1
Apple iTunes 8.0.2.20
Apple iTunes 8.1
Apple iTunes 8.2
Apple iTunes 9.0.0
Apple iTunes 9.0.1
Apple iTunes 9.0.2
Apple iTunes 9.0.3
Apple iTunes 9.1
Apple iTunes 9.1.1
Apple iTunes 9.2
Apple iTunes 9.2.1

Recommendations

Run all software as a nonprivileged user with minimal access rights.
To limit the potential damage that a successful exploit may achieve, run all nonadministrative software as a regular user with the least amount of privileges required to successfully operate.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit.

Do not accept or execute files from untrusted or unknown sources.
To reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.

Implement multiple redundant layers of security.
Various memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker’s ability to exploit this vulnerability to execute arbitrary code.

Updates are available. Please see the references or vendor advisory for more information.

CPENameOperatorVersion
apple ituneseq4.0.1
apple ituneseq10.2.2.12
apple ituneseq9.1
apple ituneseq4.8.0
apple ituneseq7.3.2
apple ituneseq6.0.1
apple ituneseq5.0.1
apple ituneseq10.7
apple ituneseq12.9.4
apple icloudeq7.3

Name	Operator	Version
apple itunes	eq	4.0.1
apple itunes	eq	10.2.2.12
apple itunes	eq	9.1
apple itunes	eq	4.8.0
apple itunes	eq	7.3.2
apple itunes	eq	6.0.1
apple itunes	eq	5.0.1
apple itunes	eq	10.7
apple itunes	eq	12.9.4
apple icloud	eq	7.3

Rows per page:

1-10 of 1331

References

www.apple.com/

0.008 Low

EPSS

Percentile

81.8%

JSON

Related for SMNTC-110389