Jump to content

iTunes 12.10.08 for Windows


Hardhead

Recommended Posts

https://support.apple.com/en-us/HT201222

iTunes 12.10.8 for Windows

iTunes 12.10.8 for Windows

Released July 30, 2020

ImageIO

Available for: Windows 7 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9871: Xingwei Lin of Ant-financial Light-Year Security Lab

CVE-2020-9872: Xingwei Lin of Ant-financial Light-Year Security Lab

CVE-2020-9874: Xingwei Lin of Ant-financial Light-Year Security Lab

CVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab

CVE-2020-9936: Mickey Jin of Trend Micro

CVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab

ImageIO

Available for: Windows 7 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab

CVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab

ImageIO

Available for: Windows 7 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2020-9919:  Mickey Jin of Trend Micro

ImageIO

Available for: Windows 7 and later

Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9876: Mickey Jin of Trend Micro

ImageIO

Available for: Windows 7 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9877: Xingwei Lin of Ant-financial Light-Year Security Lab

ImageIO

Available for: Windows 7 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An integer overflow was addressed through improved input validation.

CVE-2020-9875: Mickey Jin of Trend Micro

WebKit

Available for: Windows 7 and later

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Description: An access issue existed in Content Security Policy.  This issue was addressed with improved access restrictions.

CVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved state management.

CVE-2020-9925: an anonymous researcher

WebKit

Available for: Windows 7 and later

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative

CVE-2020-9895: Wen Xu of SSLab, Georgia Tech

WebKit

Available for: Windows 7 and later

Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication

Description: Multiple issues were addressed with improved logic.

CVE-2020-9910: Samuel Groß of Google Project Zero

WebKit Page Loading

Available for: Windows 7 and later

Impact: A malicious attacker may be able to conceal the destination of a URL

Description: A URL Unicode encoding issue was addressed with improved state management.

CVE-2020-9916: Rakesh Mane (@RakeshMane10)

WebKit Web Inspector

Available for: Windows 7 and later

Impact: Copying a URL from Web Inspector may lead to command injection

Description: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.

CVE-2020-9862: Ophir Lojkine (@lovasoa)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.