iTunes Fixes Logic Issue to Prevent Local Privilege Elevation
CVE-2022-48611

7.8HIGH

Key Information:

Vendor: Apple
Status: Itunes For Windows
Vendor: CVE Published:; 26 April 2024

Summary

A logic issue in iTunes for Windows has been addressed with enhanced checks designed to prevent local attackers from elevating their privileges. Users of iTunes are advised to update to the latest version, which includes fixes to mitigate potential exploitation of this vulnerability. Maintaining an updated version of software is crucial for protecting systems against emerging threats.

Affected Version(s)

iTunes for Windows < 12.12.4

References

https://support.claris.com/s/answerview?anum=000041674&la...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 26, 2024
Vulnerability Reserved
Oct 5, 2023