Input Validation Issue in Apple iTunes U Product
CVE-2021-30862

6.1MEDIUM

Key Information:

Vendor: Apple
Status: Itunes U
Vendor: CVE Published:; 24 August 2021

Badges

👾 Exploit Exists🟡 Public PoC

Summary

An input validation flaw in Apple iTunes U could allow an attacker to process a specially crafted URL, potentially leading to the execution of arbitrary JavaScript code. This vulnerability is addressed in iTunes U version 3.8.3 with enhanced input sanitization measures, mitigating the risk of exploitation from malicious URLs.

Affected Version(s)

iTunes U < 3.8

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-30862
Created by Umarovm

References

https://support.apple.com/en-us/HT212809

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

🟡
Public PoC available
Feb 5, 2025
👾
Exploit known to exist
Feb 5, 2025
Vulnerability published
Aug 24, 2021
Vulnerability Reserved
Apr 13, 2021