漏洞类别:Local
漏洞等级: 
漏洞信息
iTunes is a digital media player application for Mac OS and Windows developed by Apple.
Apple iTunes for Windows is prone to a memory corruption vulnerability that may cause Arbitrary Code Execution or Denial of Service.
Affected Versions:
Apple iTunes on Windows prior to version 12.6.1
QID Detection Logic (Authenticated):
The QID checks for the vulnerable version of iTunes by checking the file iTunes.exe. File location for the file iTunes.exe is checked by looking at the registry key "HKLM\SOFTWARE\Apple Computer, Inc.\iTunes" and value "iTunes.exe".
漏洞危害
Successful exploitation of the vulnerability may cause Arbitrary Code Execution or Denial of Service.
解决方案
Apple iTunes 12.6.1 has been released to address this issue. The update can be downloaded and installed via Apple Downloads.
Refer to Apple Security Updates for more information on the vulnerabilities and patching your system:
HT207805
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论