CVE-2022-26751 An input validation issue was fixed in iTunes 12.12.4, iOS 15.5, and iPadOS 15.5, Security Update 2022-004 Catalina, and macOS Big Sur 11.6.6.

A memory corruption issue was addressed with improved memory handling. An issue in WebKit resulting in remote code execution was fixed. This issue did not affect users of the latest version of iTunes.

An issue in the Windows DNS client was addressed that could lead to DNS query response validation failure. This issue affected Windows clients using Microsoft Windows DNS. An issue in Google Chrome was fixed that could lead to remote code execution. This issue affected Windows, Mac, and Linux clients using Google Chrome. An issue in Windows printing was fixed that could lead to a denial of service condition. An issue in Microsoft Edge was fixed that could lead to remote code execution. This issue affected Windows 10 clients using Microsoft Edge. An issue in Firefox was fixed that could lead to remote code execution. This issue affected Windows, Mac, and Linux clients using Mozilla Firefox. An issue in WebExtension was fixed that could lead to remote code execution. This issue affected Windows, Mac, and Linux clients using WebExtension.

Microsoft Edge CVEs

The following Microsoft Edge CVEs have been addressed:
CVE-2022-26751. A memory corruption issue was addressed with improved memory handling. An issue in WebKit resulting in remote code execution was fixed. This issue did not affect users of the latest version of iTunes.
CVE-2020-17790. A memory corruption issue was addressed with improved memory handling. An issue in WebKit that could lead to a denial of service condition was fixed. This issue affected Windows, Mac, and Linux clients using Google Chrome.
CVE-2020-17789. This issue was addressed by improving the way Chrome handles Extension restrictions during installation to prevent an attack that uses a malicious extension to exploit vulnerabilities (CVE-2019-11062).
CVE-2020-16409 and CVE-2020-16408. These issues were found in Microsoft Edge and have been addressed in multiple releases:
CVE-2020-16409: A use after free vulnerability could be used to achieve remote code execution via JavaScript API use after free conditions that leveraged the use of internal objects within the JavaScript engine (CVE-2020).
CVE-2020-16408: A buffer overflow vulnerability exists when processing user input when rendering PDF files - specifically, PDF documents containing message boxes - probably due to improper validation of user input before returning it from JavaScript engines (CVSSv3 8).

How to Address the CVEs

For users of the latest version of iTunes, updating to the latest version will address this issue.
For Windows users, update your operating system to the latest version. For Mac and Linux users, update your browser to the latest version. For Windows 10 users, update to Microsoft Edge or Mozilla Firefox ESR.
