Apple heeft versie 12.10.8 van iTunes uitgebracht. Met dit programma is het onder andere mogelijk om muziek te beluisteren of films en tv-series te bekijken. Deze kunnen via de internetmuziekwinkel van Apple iTunes worden aangeschaft. Het programma kan verder cd's branden en worden gebruikt om een iPod, iPhone of iPad te beheren. Apples iTunes is beschikbaar voor Windows 7 en nieuwer. Versie 12.10.8 moet diverse beveiligingsproblemen verhelpen.
ImageIOImageIO
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- CVE-2020-9871: Xingwei Lin of Ant-financial Light-Year Security Lab
- CVE-2020-9872: Xingwei Lin of Ant-financial Light-Year Security Lab
- CVE-2020-9874: Xingwei Lin of Ant-financial Light-Year Security Lab
- CVE-2020-9879: Xingwei Lin of Ant-Financial Light-Year Security Lab
- CVE-2020-9936: Mickey Jin of Trend Micro
- CVE-2020-9937: Xingwei Lin of Ant-Financial Light-Year Security Lab
ImageIO
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2020-9873: Xingwei Lin of Ant-financial Light-Year Security Lab
- CVE-2020-9938: Xingwei Lin of Ant-financial Light-Year Security Lab
ImageIO
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: A buffer overflow issue was addressed with improved memory handling.
- CVE-2020-9919: Mickey Jin of Trend Micro
ImageIO
- Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
- Description: An out-of-bounds write issue was addressed with improved bounds checking.
- CVE-2020-9876: Mickey Jin of Trend Micro
ImageIO
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: An out-of-bounds read was addressed with improved bounds checking.
- CVE-2020-9877: Xingwei Lin of Ant-financial Light-Year Security Lab
WebKit
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: An integer overflow was addressed through improved input validation.
- CVE-2020-9875: Mickey Jin of Trend Micro
WebKit
- Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2020-9894: 0011 working with Trend Micro Zero Day Initiative
WebKit
- Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
- Description: An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.
- CVE-2020-9915: Ayoub AIT ELMOKHTAR of Noon
WebKit
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue was addressed with improved state management.
- CVE-2020-9925: an anonymous researcher
WebKit
- Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
- Description: A use after free issue was addressed with improved memory management.
- CVE-2020-9893: 0011 working with Trend Micro Zero Day Initiative
- CVE-2020-9895: Wen Xu of SSLab, Georgia Tech
WebKit Page Loading
- Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
- Description: Multiple issues were addressed with improved logic.
- CVE-2020-9910: Samuel Groß of Google Project Zero
WebKit Web Inspector
- Impact: A malicious attacker may be able to conceal the destination of a URL
- Description: A URL Unicode encoding issue was addressed with improved state management.
- CVE-2020-9916: Rakesh Mane (@RakeshMane10)
- Impact: Copying a URL from Web Inspector may lead to command injection
- Description: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.
- CVE-2020-9862: Ophir Lojkine (@lovasoa)
:fill(white):strip_exif()/i/2001085923.jpeg?f=thumbmedium)
:strip_icc():strip_exif()/u/611711/crop63189b7544364_cropped.jpg?f=community){kind=small}
:strip_icc():strip_exif()/u/25645/crop62eaa5e5835c5.jpg?f=community){kind=small}
