Security updates released for Apple iTunes

Security updates released for Apple iTunes

Hello everyone,

Apple has also fixed some security vulnerabilities in iTune with the iTune 12.11 for Windows release. The details of the vulnerabilities are as follows:

 CVE ID Vulnerability Impact
 CVE-2020-10002 A logic issue was addressed with improved state   management Access to read arbitrary files
 CVE-2020-27912 An out-of-bounds write was addressed with   improved input validation Arbitrary code execution
 CVE-2020-27917 A use after free issue was addressed with improved   memory management Arbitrary code execution
 CVE-2020-27911 An integer overflow was addressed through   improved input validation Unexpected application   termination
 CVE-2020-27918 A use after free issue was addressed with improved   memory management Arbitrary code execution
 CVE-2020-27895 An information disclosure issue existed in the   transition of program state. This issue was   addressed with improved state handling Access to local user's Apple IDs

The updates can be deployed using Vulnerability Manager Plus. Initiate a sync between the Central Patch Repository and the Vulnerability Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

 Patch ID  Bulletin ID Patch Description
 317079 TU-012 Apple iTunes (12.11.0.26)
 317080 TU-012 Apple iTunes (X64) (12.11.0.26)

Cheers,

The ManageEngine team