exploit the possibilities

Apple Security Advisory 2019-1-24-1

Apple Security Advisory 2019-1-24-1
Posted Jan 25, 2019
Authored by Apple | Site apple.com

Apple Security Advisory 2019-1-24-1 - iTunes 12.9.3 for Windows is now available and addresses code execution and cross site scripting vulnerabilities.

tags | advisory, vulnerability, code execution, xss
systems | windows, apple
advisories | CVE-2018-20346, CVE-2018-20505, CVE-2018-20506, CVE-2019-6212, CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6221, CVE-2019-6226, CVE-2019-6227, CVE-2019-6229, CVE-2019-6233, CVE-2019-6234, CVE-2019-6235
MD5 | f89b50f56fffdb5c4ded7a32cf3242c8

Apple Security Advisory 2019-1-24-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows

iTunes 12.9.3 for Windows is now available and addresses the
following:

AppleKeyStore
Available for: Windows 7 and later
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-6235: Brandon Azad

Core Media
Available for: Windows 7 and later
Impact: A malicious application may be able to elevate privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-6221: Fluoroacetate working with Trend Micro's Zero Day
Initiative

SQLite
Available for: Windows 7 and later
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2018-20346: Tencent Blade Team
CVE-2018-20505: Tencent Blade Team
CVE-2018-20506: Tencent Blade Team

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-6215: Lokihardt of Google Project Zero

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-6212: an anonymous researcher, Wen Xu of SSLab at Georgia
Tech
CVE-2019-6216: Fluoroacetate working with Trend Micro's Zero Day
Initiative
CVE-2019-6217: Fluoroacetate working with Trend Micro's Zero Day
Initiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan
Team
CVE-2019-6226: Apple

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-6227: Qixun Zhao of Qihoo 360 Vulcan Team
CVE-2019-6233: G. Geshev from MWR Labs working with Trend Micro's
Zero Day Initiative
CVE-2019-6234: G. Geshev from MWR Labs working with Trend Micro's
Zero Day Initiative

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-6229: Ryan Pickren (ryanpickren.com)

Additional recognition

WebKit
We would like to acknowledge James Lee (@Windowsrcer) of Kryptos
Logic for their assistance.

Installation note:

iTunes 12.9.3 for Windows may be obtained from:
https://www.apple.com/itunes/download/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlxHSSspHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3Fqrw//
UGoOTT5g9pxIejFnbQUY6QOoLfSOPZHSPZUZVerZbXdEbEqks5+/7HJMikogBc+0
Rh58V0qKWeE+lLTAVwRDpm2TA427z4o1fz00ExhlD2L8wPKZ8Apx522NS+X+boOk
PtXm57zCL/FrIu9zX0V3V05NNZNrI5ycS5YfAVDlCOnVkKPqIYhBh0q0ZEeemGEK
ifyTPkIG8hjtlzoFapgckzDVeSd+txIUdiY/T+wnWcDkKXU/ADEMrTur3c8LKhKC
G13FWWa0LWcJwNd94EpPGZ8hk0oH5h6WFvf6yheeTyK0nYo4j0m6KZI8TMADrMTt
G//Rx1rQLxYZXTt5IlKw8WLp5LC4/PydQptyzlatjdj20mB6efkqm4y6YZvc5Irk
4nr4+VJ/w/hVTfbkxt+zTVTQgka+3ubZ0x2C8s2vq2jYzqJwc4ZhMlCoW2kEEtL5
2AmKleX70SJD3UvRirIp23KDyCkKCXeqB/XcZVXaNUIOBoTTJrzUpfrDXN6d8mRP
4lylBHnTnkP3laQe51ZgS5oxE3AzqUlvnC2iSdb5e1Cvlchof+Ma/w13K/FR95Y/
k0qY4Xxec7DZSoMt3AKzH6uMY4gyIpGSGn1Gn80K0CEer5EF94pFArXwKyROZgia
7Qd0/V4bhj18d5fiDDWpazPqjaasRrx0HMUz4K5kfbg=
=A1td
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

March 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    15 Files
  • 2
    Mar 2nd
    5 Files
  • 3
    Mar 3rd
    3 Files
  • 4
    Mar 4th
    25 Files
  • 5
    Mar 5th
    20 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    12 Files
  • 9
    Mar 9th
    3 Files
  • 10
    Mar 10th
    4 Files
  • 11
    Mar 11th
    23 Files
  • 12
    Mar 12th
    12 Files
  • 13
    Mar 13th
    12 Files
  • 14
    Mar 14th
    19 Files
  • 15
    Mar 15th
    12 Files
  • 16
    Mar 16th
    3 Files
  • 17
    Mar 17th
    1 Files
  • 18
    Mar 18th
    15 Files
  • 19
    Mar 19th
    1 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close