Logic Issue in iTunes for Windows Enables Elevated Privileges
CVE-2023-32351

7.8HIGH

Key Information:

Vendor: Apple
Status: Itunes For Windows
Vendor: CVE Published:; 23 June 2023

What is CVE-2023-32351?

A logic issue in iTunes for Windows has been identified, which may allow an application to gain elevated privileges. This vulnerability was addressed with improved checks in the latest update, iTunes 12.12.9 for Windows. It is essential for users to update their software to prevent potential exploitation.

Affected Version(s)

iTunes for Windows < 12.12

References

https://support.apple.com/en-us/HT213763

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2023
Vulnerability Reserved
May 8, 2023

Apple

What is CVE-2023-32351?

Affected Version(s)

References

CVSS V3.1

Timeline