FortiClient VulnerabilitySecurity Vulnerabilities fixed in iTunes HT6001
Description
The contents of the iTunes Tutorials window are retrieved from the network using an unprotected HTTP connection. An attacker with a privileged network position may inject arbitrary contents. This issue was addressed by using an encrypted HTTPS connection to retrieve tutorials. An uninitialized memory access issue existed in the handling of text tracks. This issue was addressed by additional validation of text tracks. Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0. Multiple memory corruption issues existed in libxslt. These issues were addressed by updating libxslt to version 1.1.28.
Affected Applications
iTunes
CVE References
CVE-2014-1242 CVE-2013-1024 CVE-2013-1037 CVE-2013-1038 CVE-2013-1039 CVE-2013-1040 CVE-2013-1041 CVE-2013-1042 CVE-2013-1043 CVE-2013-1044 CVE-2013-1045 CVE-2013-1046 CVE-2013-1047 CVE-2013-2842 CVE-2013-5125 CVE-2013-5126 CVE-2013-5127 CVE-2013-5128 CVE-2011-3102 CVE-2012-0841 CVE-2012-2807 CVE-2012-5134 CVE-2012-2825 CVE-2012-2870 CVE-2012-2871Other References
https://support.apple.com/en-us/HT6001| ID | 21875 |
| Created | Jul 11, 2018 |
| Description Updated |
Dec 20, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Apple |
| Patch | auto |
| Application | iTunes |