PT-2019-5071 · Apple+7 · Itunes For Windows+10

Sergei Glazunov

·

Publicado

2019-10-07

·

Atualizado

2024-06-15

·

CVE-2019-8625

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions iCloud for Windows versions prior to 10.7 iCloud for Windows versions prior to 7.14 tvOS versions prior to 13 iTunes for Windows versions prior to 12.10.1
Description A logic issue was addressed with improved state management, which may lead to universal cross-site scripting when processing maliciously crafted web content. This issue is related to insufficient protection of the web page structure, allowing an attacker to execute arbitrary code using specially crafted web content.
Recommendations For iCloud for Windows versions prior to 10.7, update to version 10.7 or later. For iCloud for Windows versions prior to 7.14, update to version 7.14 or later. For tvOS versions prior to 13, update to tvOS 13 or later. For iTunes for Windows versions prior to 12.10.1, update to version 12.10.1 or later.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

ALSA-2020:4451
ALT-PU-2020-1239
BDU:2020-01718
CESA-2020_4035
CESA-2020_4451
CVE-2019-8625
DSA-4558-1
MGASA-2019-0324
OPENSUSE-SU-2019:2587-1
OPENSUSE-SU-2019:2591-1
OPENSUSE-SU-2019_2587-1
OPENSUSE-SU-2019_2591-1
OPENSUSE-SU-2024:11506-1
RHSA-2020:4035
RHSA-2020:4451
RHSA-2020_4035
RHSA-2020_4451
RLSA-2020:4451
SUSE-SU-2019:3044-1
SUSE-SU-2020:1135-1
SUSE-SU-2020_1135-1
USN-4178-1

Produtos afetados

Alt Linux
Almalinux
Centos
Red Hat
Rocky Linux
Suse
Ubuntu
Icloud For Windows
Itunes
Itunes For Windows
Tvos