Het programma iTunes is een digitale mediaspeler die door Apple op 10 januari 2001 werd geïntroduceerd. Met iTunes kunnen digitale muziek- en videobestanden afgespeeld worden.

 

Changelog:  

ImageIO

      • Impact: Processing a maliciously crafted image may lead to arbitrary code execution
      • Description: An out-of-bounds write issue was addressed with improved bounds checking.
      • CVE-2020-9871: Xingwei Lin of Ant-financial Light-Year Security Lab
      • CVE-2020-9872: Xingwei Lin of Ant-financial Light-Year Security Lab
      • CVE-2020-9874: Xingwei Lin of Ant-financial Light-Year Security Lab
      • CVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab
      • CVE-2020-9936: Mickey Jin of Trend Micro
      • CVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab

ImageIO

      • Impact: Processing a maliciously crafted image may lead to arbitrary code execution
      • Description: An out-of-bounds read was addressed with improved input validation.
      • CVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab
      • CVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab

ImageIO

      • Impact: Processing a maliciously crafted image may lead to arbitrary code execution
      • Description: A buffer overflow issue was addressed with improved memory handling.
      • CVE-2020-9919: Mickey Jin of Trend Micro

ImageIO

      • Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
      • Description: An out-of-bounds write issue was addressed with improved bounds checking.
      • CVE-2020-9876: Mickey Jin of Trend Micro

ImageIO

      • Impact: Processing a maliciously crafted image may lead to arbitrary code execution
      • Description: An out-of-bounds read was addressed with improved bounds checking.
      • CVE-2020-9877: Xingwei Lin of Ant-financial Light-Year Security Lab

ImageIO

      • Impact: Processing a maliciously crafted image may lead to arbitrary code execution
      • Description: An integer overflow was addressed through improved input validation.
      • CVE-2020-9875: Mickey Jin of Trend Micro

WebKit

      • Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
      • Description: An out-of-bounds read was addressed with improved input validation.
      • CVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative

WebKit

      • Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
      • Description: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.
      • CVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon

WebKit

      • Impact: Processing maliciously crafted web content may lead to universal cross site scripting
      • Description: A logic issue was addressed with improved state management.
      • CVE-2020-9925: an anonymous researcher

WebKit

      • Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
      • Description: A use after free issue was addressed with improved memory management.
      • CVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative
      • CVE-2020-9895: Wen Xu of SSLab, Georgia Tech

WebKit

      • Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
      • Description: Multiple issues were addressed with improved logic.
      • CVE-2020-9910: Samuel Groß of Google Project Zero

WebKit Page Loading

      • Impact: A malicious attacker may be able to conceal the destination of a URL
      • Description: A URL Unicode encoding issue was addressed with improved state management.
      • CVE-2020-9916: Rakesh Mane (@RakeshMane10)

WebKit Web Inspector

    • Impact: Copying a URL from Web Inspector may lead to command injection
    • Description: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.
    • CVE-2020-9862: Ophir Lojkine (@lovasoa)

 

Besturing:  Windows 7, Windows 8, Windows 10
Download: https://www.apple.com/benl/itunes/download/
Licentie:  Freeware
Schermafbeelding:  Eigen schermafdruk

©Eigen schermafdruk

Geef een reactie