iTunes Security Update 12.11

Apple hat für iTunes das Sicherheitsupdate 12.11 veröffentlicht. Das Update behebt schließt 6 Sicherheitslücken und sollte umgehend installiert werden.

iTunes Security 12.11 Release Notes

Foundation

Available for: Windows 10 and later
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state management.
CVE-2020-10002: James Hutchins

ImageIO

Available for: Windows 10 and later
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab

libxml2

Available for: Windows 10 and later
Impact: Processing maliciously crafted web content may lead to code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-27917: found by OSS-Fuzz

libxml2

Available for: Windows 10 and later
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An integer overflow was addressed through improved input validation.
CVE-2020-27911: found by OSS-Fuzz

WebKit

Available for: Windows 10 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-27918: an anonymous researcher

Windows Security

Available for: Windows 10 and later
Impact: A malicious application may be able to access local users Apple IDs
Description: An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.
CVE-2020-27895: Sourav Newatia (linkedin.com/in/sourav-newatia-5b0848a8/)

Quelle: https://support.apple.com/en-us/HT211933