iTunes 12.13.1 for Windows Patches Logic Issue, Improves Privileges Checks
CVE-2023-42938

7.8HIGH

Key Information:

Vendor: Apple
Status: Itunes For Windows
Vendor: CVE Published:; 14 March 2024

Summary

A vulnerability exists in Apple iTunes for Windows due to a logic flaw that may permit local attackers to elevate their privileges. This issue, which could potentially compromise system integrity and user security, has been addressed with improved validation checks in the latest version. Users are strongly encouraged to update to iTunes 12.13.1 to ensure their systems are protected against this exploit.

Affected Version(s)

iTunes for Windows < 12.13

References

https://support.apple.com/en-us/HT214091

https://support.apple.com/kb/HT214091

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 14, 2024
Vulnerability Reserved
Sep 14, 2023