Logic Issue in iTunes for Windows Leads to Privilege Escalation Vulnerability
CVE-2024-44193

7.8HIGH

Key Information:

Vendor: Apple
Status: Itunes
Vendor: CVE Published:; 2 October 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A logic issue present in iTunes for Windows has the potential to allow local attackers to elevate their privileges. This vulnerability has been mitigated in iTunes version 12.13.3 through improved restrictions to prevent unauthorized privilege escalation. Users of affected versions are encouraged to upgrade promptly to ensure their systems remain secure.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-44193
Created by mbog14

References

https://support.apple.com/en-us/121328

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Oct 4, 2024
👾
Exploit known to exist
Oct 4, 2024
Vulnerability published
Oct 2, 2024