Security updates released for Apple iTunes
Hello everyone,
Apple has also fixed some security vulnerabilities in iTune with the iTune 12.11 for Windows release. The details of the vulnerabilities are as follows:
| CVE ID | Vulnerability | Impact |
| CVE-2020-10002 | A logic issue was addressed with improved state management | Access to read arbitrary files |
| CVE-2020-27912 | An out-of-bounds write was addressed with improved input validation | Arbitrary code execution |
| CVE-2020-27917 | A use after free issue was addressed with improved memory management | Arbitrary code execution |
| CVE-2020-27911 | An integer overflow was addressed through improved input validation | Unexpected application termination |
| CVE-2020-27918 | A use after free issue was addressed with improved memory management | Arbitrary code execution |
| CVE-2020-27895 | An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling | Access to local user's Apple IDs |
The updates can be deployed using Vulnerability Manager Plus. Initiate a sync between the Central Patch Repository and the Vulnerability Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.
| Patch ID | Bulletin ID | Patch Description |
| 317079 | TU-012 | Apple iTunes (12.11.0.26) |
| 317080 | TU-012 | Apple iTunes (X64) (12.11.0.26) |
Cheers,
The ManageEngine team