Security Vulnerabilities fixed in iTunes HT207158

Description

A parsing issue existed in the handling of error prototypes. This was addressed through improved validation. A permissions issue existed in the handling of the location variable. This was addressed through additional ownership checks. Multiple memory corruption issues were addressed through improved memory handling. Safari's support of HTTP/0.9 allowed cross-protocol exploitation of non-HTTP services using DNS rebinding. The issue was addressed by restricting HTTP/0.9 responses to default ports and canceling resource loads if the document was loaded with a different HTTP protocol version. A memory corruption issue was addressed through improved state management. A certificate validation issue existed in the handling of WKWebView. This issue was addressed through improved validation. A memory corruption issue was addressed through improved input validation.
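A simplified model of the HTTP/0.9 restriction described above, as an added example that is not Apple's or WebKit's code. The function names, the status-line heuristic, and the sample URLs and response bytes are assumptions constructed for illustration.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
STATUS_LINE = re.compile(rb"HTTP/(\d\.\d) \d{3}")


def response_version(first_bytes: bytes) -> str:
    """HTTP/1.x starts with a status line; HTTP/0.9 is a bare body, so any
    other leading bytes (including a non-HTTP service's output) count as 0.9."""
    match = STATUS_LINE.match(first_bytes)
    return match.group(1).decode("ascii") if match else "0.9"


def allow_load(url: str, first_bytes: bytes, document_version: Optional[str]) -> bool:
    """document_version: HTTP version the embedding document was loaded with,
    or None for a top-level load (assumed model, not WebKit's API)."""
    if response_version(first_bytes) != "0.9":
        return True
    parts = urlsplit(url)
    default = DEFAULT_PORTS.get(parts.scheme)
    port = parts.port if parts.port is not None else default
    if default is None or port != default:
        return False  # HTTP/0.9 only on the scheme's default port
    if document_version is not None and document_version != "0.9":
        return False  # cancel: document used a different HTTP version
    return True


# Constructed samples: (url, first response bytes, document HTTP version)
SAMPLES = [
    ("http://example.test/", b"HTTP/1.1 200 OK\r\n", None),
    ("http://example.test/legacy.txt", b"plain body, no status line", None),
    ("http://example.test/legacy.txt", b"plain body, no status line", "1.1"),
    ("http://example.test:8081/", b"OK ready\r\n", None),
]


def evaluate_samples():
    return [allow_load(*s) for s in SAMPLES]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, evaluate_samples()):
        print(sample[0], sample[2], "allow" if verdict else "cancel")
```

The last sample shows why the port restriction matters: a reply with no status line from a non-default port is indistinguishable from an HTTP/0.9 body, so the model rejects it rather than handing it to the page.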

Affected Applications

iTunes