Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows

Related Vulnerabilities: CVE-2019-6235   CVE-2019-6221   CVE-2018-20346   CVE-2018-20505   CVE-2018-20506   CVE-2019-6215   CVE-2019-6212   CVE-2019-6216   CVE-2019-6217   CVE-2019-6226   CVE-2019-6227   CVE-2019-6233   CVE-2019-6234   CVE-2019-6229  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="68"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#69">By Date</a>
<a href="70"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="68"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#69">By Thread</a>
<a href=""><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>

</div>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: Apple Product Security via Fulldisclosure &lt;fulldisclosure () seclists org&gt;


<em>Date</em>: Thu, 24 Jan 2019 14:08:28 -0800


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows

iTunes 12.9.3 for Windows is now available and addresses the
following:

AppleKeyStore
Available for: Windows 7 and later
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-6235: Brandon Azad

Core Media
Available for: Windows 7 and later
Impact: A malicious application may be able to elevate privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-6221: Fluoroacetate working with Trend Micro's Zero Day
Initiative

SQLite
Available for: Windows 7 and later
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2018-20346: Tencent Blade Team
CVE-2018-20505: Tencent Blade Team
CVE-2018-20506: Tencent Blade Team

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-6215: Lokihardt of Google Project Zero

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-6212: an anonymous researcher, Wen Xu of SSLab at Georgia
Tech
CVE-2019-6216: Fluoroacetate working with Trend Micro's Zero Day
Initiative
CVE-2019-6217: Fluoroacetate working with Trend Micro's Zero Day
Initiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan
Team
CVE-2019-6226: Apple

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-6227: Qixun Zhao of Qihoo 360 Vulcan Team
CVE-2019-6233: G. Geshev from MWR Labs working with Trend Micro's
Zero Day Initiative
CVE-2019-6234: G. Geshev from MWR Labs working with Trend Micro's
Zero Day Initiative

WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-6229: Ryan Pickren (ryanpickren.com)

Additional recognition

WebKit
We would like to acknowledge James Lee (@Windowsrcer) of Kryptos
Logic for their assistance.

Installation note:

iTunes 12.9.3 for Windows may be obtained from:
<a rel="nofollow" href="https://www.apple.com/itunes/download/">https://www.apple.com/itunes/download/</a>

Information will also be posted to the Apple Security Updates
web site: <a rel="nofollow" href="https://support.apple.com/kb/HT201222">https://support.apple.com/kb/HT201222</a>

This message is signed with Apple's Product Security PGP key,
and details are available at:
<a rel="nofollow" href="https://www.apple.com/support/security/pgp/">https://www.apple.com/support/security/pgp/</a>
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlxHSSspHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3Fqrw//
UGoOTT5g9pxIejFnbQUY6QOoLfSOPZHSPZUZVerZbXdEbEqks5+/7HJMikogBc+0
Rh58V0qKWeE+lLTAVwRDpm2TA427z4o1fz00ExhlD2L8wPKZ8Apx522NS+X+boOk
PtXm57zCL/FrIu9zX0V3V05NNZNrI5ycS5YfAVDlCOnVkKPqIYhBh0q0ZEeemGEK
ifyTPkIG8hjtlzoFapgckzDVeSd+txIUdiY/T+wnWcDkKXU/ADEMrTur3c8LKhKC
G13FWWa0LWcJwNd94EpPGZ8hk0oH5h6WFvf6yheeTyK0nYo4j0m6KZI8TMADrMTt
G//Rx1rQLxYZXTt5IlKw8WLp5LC4/PydQptyzlatjdj20mB6efkqm4y6YZvc5Irk
4nr4+VJ/w/hVTfbkxt+zTVTQgka+3ubZ0x2C8s2vq2jYzqJwc4ZhMlCoW2kEEtL5
2AmKleX70SJD3UvRirIp23KDyCkKCXeqB/XcZVXaNUIOBoTTJrzUpfrDXN6d8mRP
4lylBHnTnkP3laQe51ZgS5oxE3AzqUlvnC2iSdb5e1Cvlchof+Ma/w13K/FR95Y/
k0qY4Xxec7DZSoMt3AKzH6uMY4gyIpGSGn1Gn80K0CEer5EF94pFArXwKyROZgia
7Qd0/V4bhj18d5fiDDWpazPqjaasRrx0HMUz4K5kfbg=
=A1td
-----END PGP SIGNATURE-----


_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a>

</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="68"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#69">By Date</a>
<a href="70"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="68"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#69">By Thread</a>
<a href=""><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows</strong> <em>Apple Product Security via Fulldisclosure (Jan 25)</em>
</li></ul>


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started