what you don't know can hurt you

Apple Security Advisory 2020-05-26-8

Apple Security Advisory 2020-05-26-8
Posted May 29, 2020
Authored by Apple | Site apple.com

Apple Security Advisory 2020-05-26-8 - iTunes 12.10.7 for Windows addresses code execution, cross site scripting, denial of service, out of bounds read, and out of bounds write vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss
systems | windows, apple
advisories | CVE-2020-3878, CVE-2020-9789, CVE-2020-9790, CVE-2020-9794, CVE-2020-9800, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850
MD5 | 291e94da2513acdd977e166aa42053c6

Apple Security Advisory 2020-05-26-8

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2020-05-26-8 iTunes 12.10.7 for Windows

iTunes 12.10.7 for Windows addresses the following:

ImageIO
Available for: Windows 7 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2020-9789: Wenchao Li of VARAS@IIE
CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab

ImageIO
Available for: Windows 7 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2020-3878: Samuel Groß of Google Project Zero

SQLite
Available for: Windows 7 and later
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-9794

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9805: an anonymous researcher

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9802: Samuel Groß of Google Project Zero

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro
Zero Day Initiative

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2020-9806: Wen Xu of SSLab at Georgia Tech
CVE-2020-9807: Wen Xu of SSLab at Georgia Tech

WebKit
Available for: Windows 7 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of
@SSLab_Gatech working with Trend Micro’s Zero Day Initiative

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2020-9843: Ryan Pickren (ryanpickren.com)

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2020-9803: Wen Xu of SSLab at Georgia Tech

Additional recognition

ImageIO
We would like to acknowledge Lei Sun for their assistance.

WebKit
We would like to acknowledge Aidan Dunlap of UT Austin for their
assistance.

Installation note:

iTunes 12.10.7 for Windows may be obtained from:
https://www.apple.com/itunes/download/
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.64

iQIcBAEDCAAGBQJezV7wAAoJEAc+Lhnt8tDNodoQAIkZG5k5Pu6KIIyk79NPenJ7
xOe+7VE+zOSciuX2aExkz8mY1hlsWA69+NnOa8d7c//1uSCDLTHTTgn22l2z7emD
H03DQKFOQaGio5mI870g7kq8MMGZJLmWIABVpRKjsk7IJSYPiXcmRPjwyL5X6Qk6
WpLiLl27VcnLAKIsRf8/rmQKIIjwAFQUo6S8HmXtlROvLf7+HVYDEqYfN6xz9M4Q
4UeFJB9O/x76wm/8pWEvqW7S7iBv7dAsgrB+JqtdsyvK24YWcTQjHYSuqEDOjAb4
qIzHnO6gLfE+vi93GMaJfmpCQn8007RPvy+pxDys+H3QpOi2peWUhFkXfEIihr2Q
AkC969k64yPXjq9KljOT/oVQ0ubL9NeG94pLoKAkB+G9E8t814J0M/qZHPQImFZx
5m3BN3mknjGfYCpTydyScq8/DPE/qxnZbayJA7VEJbmUcfF9ufGEWJL4W/ayHIaV
s2OET0jJaULPEX5hW9U0ThT6PVLP6yG8DDqKUiJjfEi2PM9gRPH4n8iN9TSk50Pi
F9VcDi+KDFLs0/pmLwx/8sXy0MtHSCoa5AbJqRv7eVIfO4frq87UlEljavWbMZxI
N4LyxnrY6J4FkRdJHFVqcVAg1I88bokLUQWp3JqKSJBVBj7Q1lBd5QLgkZs8kSOV
T43UZEAwm39RXrMMSUx6
=oGOP
-----END PGP SIGNATURE-----



Login or Register to add favorites

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    11 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close