To address recently revealed SQLite and WebKit security vulnerability, Apple this week released updates for iTunes and iCloud for Windows applications. 

iTunes for Windows 12.9.5 was issued with patches for as many as 25 flaws. Of these, four affect SQLite, while the residual 21 were addressed in WebKit.

The SQLite faults include CVE-2019-8577 and CVE-2019-8602, which could let an application gain raised privileges, CVE-2019-8600, which could result in random code implementation, and CVE-2019-8598, which could allow a request to read limited memory.

The first of the WebKit vulnerabilities, tracked as CVE-2019-8607, Apple explains in its advisory, could result in the revelation of process memory when processing spitefully created web content.

The residual 20 bugs could lead to random code execution during the processing of spitefully created web content. These bugs were reported by various researchers working with Trend Micro Zero Day, Google Project Zero, Chaitin Security Research, Georgia Tech, Qihoo 360, Tencent, Venustech, and KAIST Web Security & Privacy Lab and KAIST SoftSec Lab. 

Apple reveals that iCloud for Windows 7.12 too was issued with patches for all these security issues.

Security updates that Apple issued two weeks ago for iOS, macOS, watchOS, and tvOS, also addressed these flaw, along with ten more. At the time, the company also released Safari 12.1.1, which comprised patches for all of the above-mentioned 21 susceptibilities in WebKit.

Leave a Reply

Your email address will not be published. Required fields are marked *