Apple hat für iTunes das Sicherheitsupdate 12.11 veröffentlicht. Das Update behebt schließt 6 Sicherheitslücken und sollte umgehend installiert werden.
iTunes Security 12.11 Release Notes
Foundation
Available for: Windows 10 and later
Impact: A local user may be able to read arbitrary files
Description: A logic issue was addressed with improved state management.
CVE-2020-10002: James Hutchins
ImageIO
Available for: Windows 10 and later
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2020-27912: Xingwei Lin of Ant Security Light-Year Lab
libxml2
Available for: Windows 10 and later
Impact: Processing maliciously crafted web content may lead to code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-27917: found by OSS-Fuzz
libxml2
Available for: Windows 10 and later
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An integer overflow was addressed through improved input validation.
CVE-2020-27911: found by OSS-Fuzz
WebKit
Available for: Windows 10 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-27918: an anonymous researcher
Windows Security
Available for: Windows 10 and later
Impact: A malicious application may be able to access local users Apple IDs
Description: An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.
CVE-2020-27895: Sourav Newatia (linkedin.com/in/sourav-newatia-5b0848a8/)