A memory corruption issue was addressed with improved memory handling. An issue in WebKit resulting in remote code execution was fixed. This issue did not affect users of the latest version of iTunes.

An issue in the Windows DNS client was addressed that could lead to DNS query response validation failure. This issue affected Windows clients using Microsoft Windows DNS. An issue in Google Chrome was fixed that could lead to remote code execution. This issue affected Windows, Mac, and Linux clients using Google Chrome. An issue in Windows printing was fixed that could lead to a denial of service condition. An issue in Microsoft Edge was fixed that could lead to remote code execution. This issue affected Windows 10 clients using Microsoft Edge. An issue in Firefox was fixed that could lead to remote code execution. This issue affected Windows, Mac, and Linux clients using Mozilla Firefox. An issue in WebExtension was fixed that could lead to remote code execution. This issue affected Windows, Mac, and Linux clients using WebExtension.

Microsoft Edge CVEs

The following Microsoft Edge CVEs have been addressed:
CVE-2022-26751. A memory corruption issue was addressed with improved memory handling. An issue in WebKit resulting in remote code execution was fixed. This issue did not affect users of the latest version of iTunes.
CVE-2020-17790. A memory corruption issue was addressed with improved memory handling. An issue in WebKit that could lead to a denial of service condition was fixed. This issue affected Windows, Mac, and Linux clients using Google Chrome.
CVE-2020-17789. This issue was addressed by improving the way Chrome handles Extension restrictions during installation to prevent an attack that uses a malicious extension to exploit vulnerabilities (CVE-2019-11062).
CVE-2020-16409 and CVE-2020-16408. These issues were found in Microsoft Edge and have been addressed in multiple releases:
CVE-2020-16409: A use-after-free vulnerability could be used to achieve remote code execution via JavaScript API use-after-free conditions that leveraged internal objects within the JavaScript engine (CVE-2020).
CVE-2020-16408: A buffer overflow vulnerability exists when processing user input while rendering PDF files - specifically, PDF documents containing message boxes - probably due to improper validation of user input before returning it from JavaScript engines (CVSSv3 8).

How to Address the CVEs

For users of the latest version of iTunes, updating to the latest version will address this issue.
For Windows users, update your operating system to the latest version. For Mac and Linux users, update your browser to the latest version. For Windows 10 users, update to Microsoft Edge or Mozilla Firefox ESR.

Timeline

Published on: 05/26/2022 20:15:00 UTC
Last modified on: 06/07/2022 19:49:00 UTC
