iTunes 12.13.2 for Windows Fixes Parsing Issue Leading to Unexpected App Termination or Arbitrary Code Execution
CVE-2024-27793

7.8HIGH

Key Information:

Vendor: Apple
Status: Itunes For Windows
Vendor: CVE Published:; 14 May 2024

Summary

A file parsing vulnerability in iTunes for Windows has been identified, which could potentially result in unexpected termination of the application or the possibility of arbitrary code execution. This issue is addressed in the updated version 12.13.2 of iTunes for Windows, which includes improved checks to mitigate these risks. Users are encouraged to update to the latest version to ensure their systems are secure and protected from potential exploitation.

Affected Version(s)

iTunes for Windows < 12.13

References

https://support.apple.com/en-us/HT214099

http://seclists.org/fulldisclosure/2024/May/8

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Feb 26, 2024