Skip Ribbon Commands
Skip to main content
Computer Security Incident Response Team of Mauritius (CERT-MU)

VN-2017-127


Apple iTunes for Windows Multiple Flaws
Severity Rating: Medium
Systems Affected:
  • Apple iTunes 12.7 for Windows
Description
Multiple vulnerabilities have been reported in Apple iTunes for Windows and they can be exploited by remote attackers to cause execution of arbitrary code, bypass same origin restrictions and conduct cross-site scripting attacks on vulnerable systems. The vulnerabilities are as follows:
 
  • A remote user can trigger an input validation flaw in the WebKit component to execute arbitrary code
 
  • A remote user can trigger a memory corruption error in the WebKit component to execute arbitrary code
 
  • A remote user can trigger a cross-origin permissions error in the WebKit component to obtain cookies for other domains
 
  • A remote user can trigger an input validation flaw in the WebKit component to conduct cross site scripting attacks
 
Solution
Users are advised to apply updates.
More information is available on:
 
Vendor Information
Apple
CVE Information
References
Apple Security Bulletin
 
Security Tracker
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis