Apple iTunes Multiple Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Apple iTunes, which could be exploited by remote attackers to obtain sensitive information, bypass security restrictions or compromise a vulnerable system.
1. A heap overflow error within the handling of images with an embedded ColorSync profile, which could be exploited by attackers to execute arbitrary code.
2. An integer overflow error within the handling of TIFF files, which could be exploited by attackers to execute arbitrary code.
Impact
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Apple iTunes versions prior to 9.2
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Upgrade to Apple iTunes version 9.2 :
http://www.apple.com/itunes/download/
Vulnerability Identifier
- CVE-2009-1564
- CVE-2009-1565
- CVE-2009-2042
- CVE-2009-3707
- CVE-2010-1138
- CVE-2010-1139
- CVE-2010-1140
- CVE-2010-1141
- CVE-2010-1142
- CVE-2009-3732
- CVE-2009-1726
- CVE-2010-0544
- CVE-2010-1119
- CVE-2010-1387
- CVE-2010-1390
- CVE-2010-1392
- CVE-2010-1393
- CVE-2010-1395
- CVE-2010-1396
- CVE-2010-1397
- CVE-2010-1398
- CVE-2010-1399
- CVE-2010-1400
- CVE-2010-1401
- CVE-2010-1402
- CVE-2010-1403
- CVE-2010-1404
- CVE-2010-1405
- CVE-2010-1408
- CVE-2010-1409
- CVE-2010-1410
- CVE-2010-1411
- CVE-2010-1412
- CVE-2010-1414
- CVE-2010-1415
- CVE-2010-1416
- CVE-2010-1417
- CVE-2010-1418
- CVE-2010-1419
- CVE-2010-1421
- CVE-2010-1422
- CVE-2010-1749
- CVE-2010-1758
- CVE-2010-1759
- CVE-2010-1761
- CVE-2010-1763
- CVE-2010-1769
- CVE-2010-1770
- CVE-2010-1771
- CVE-2010-1774
Source
Related Link
Share with