zoukankan      html  css  js  c++  java
  • APPLE-SA-2019-3-25-5 iTunes 12.9.4 for Windows

    APPLE-SA-2019-3-25-5 iTunes 12.9.4 for Windows

    iTunes 12.9.4 for Windows is now available and addresses the
    following:

    CoreCrypto
    Available for: Windows 7 and later
    Impact: A malicious application may be able to elevate privileges
    Description: A buffer overflow was addressed with improved bounds
    checking.
    CVE-2019-8542: an anonymous researcher

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: A type confusion issue was addressed with improved
    memory handling.
    CVE-2019-8506: Samuel Groß of Google Project Zero

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: A memory corruption issue was addressed with improved
    state management.
    CVE-2019-8535: Zhiyang Zeng (@Wester) of Tencent Blade Team

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: Multiple memory corruption issues were addressed with
    improved memory handling.
    CVE-2019-6201: dwfault working with ADLab of Venustech
    CVE-2019-8518: Samuel Groß of Google Project Zero
    CVE-2019-8523: Apple
    CVE-2019-8524: G. Geshev working with Trend Micro Zero Day Initiative
    CVE-2019-8558: Samuel Groß of Google Project Zero
    CVE-2019-8559: Apple
    CVE-2019-8563: Apple

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may disclose
    sensitive user information
    Description: A cross-origin issue existed with the fetch API. This
    was addressed with improved input validation.
    CVE-2019-8515: James Lee (@Windowsrcer)

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: A memory corruption issue was addressed with improved
    memory handling.
    CVE-2019-8536: Apple
    CVE-2019-8544: an anonymous researcher

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution
    Description: A use after free issue was addressed with improved
    memory management.
    CVE-2019-7285: dwfault working at ADLab of Venustech
    CVE-2019-8556: Apple

    WebKit
    Available for: Windows 7 and later
    Impact: A malicious website may be able to execute scripts in the
    context of another website
    Description: A logic issue was addressed with improved validation.
    CVE-2019-8503: Linus Särud of Detectify

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may result in the
    disclosure of process memory
    Description: A validation issue was addressed with improved logic.
    CVE-2019-7292: Zhunki and Zhiyi Zhang of 360 ESG Codesafe Team

    WebKit
    Available for: Windows 7 and later
    Impact: A sandboxed process may be able to circumvent sandbox
    restrictions
    Description: A memory corruption issue was addressed with improved
    validation.
    CVE-2019-8562: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of
    Chaitin Security Research Lab

    WebKit
    Available for: Windows 7 and later
    Impact: Processing maliciously crafted web content may lead to
    universal cross site scripting
    Description: A logic issue was addressed with improved validation.
    CVE-2019-8551: Ryan Pickren (ryanpickren.com)

    Additional recognition

    Safari
    We would like to acknowledge Nikhil Mittal (@c0d3G33k) of Payatu Labs
    (payatu.com) for their assistance.

    WebKit
    We would like to acknowledge Andrey Kovalev of Yandex Security Team
    for their assistance.

    Installation note:

    iTunes 12.9.4 for Windows may be obtained from:
    https://www.apple.com/itunes/download/

    Information will also be posted to the Apple Security Updates
    web site: https://support.apple.com/kb/HT201222

    This message is signed with Apple's Product Security PGP key,
    and details are available at:
    https://www.apple.com/support/security/pgp/

  • 相关阅读:
    vue3.0基本使用
    node 版本升级
    Steam游戏《Northgard(北境之地)》修改器制作
    万能WEB弹出框,js随意适配
    数据湖了解
    操作系统(一)
    无题
    基于林业害虫识别系统的缺陷分析
    美化Android下拉刷新
    软件测试
  • 原文地址:https://www.cnblogs.com/iAmSoScArEd/p/10604158.html
Copyright © 2011-2022 走看看