漏洞类别:Local
漏洞等级: 
漏洞信息
iTunes is a digital media player application for Mac OS and Windows developed by Apple.
Multiple vulnerabilities were reported in Apple iTunes for Windows. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can bypass same-origin restrictions on the target system. A remote user can conduct cross-site scripting attacks.
Affected Version:
Apple iTunes prior to 12.7.1 for Windows
QID Detection Logic (Authenticated) :
It checks for vulnerable version of iTunes on Windows.
漏洞危害
A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can bypass same-origin restrictions on the target system.
A remote user can conduct cross-site scripting attacks.
解决方案
Apple iTunes 12.7.1 has been released to address this issue. The update can be downloaded and installed via Apple Downloads.
Refer to Apple Security Updates for more information on the vulnerabilities and patching your system:
HT208224
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论