A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.13.1 for Windows. A local attacker may be able to elevate their privileges.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-14
Updated
2024-03-14
A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory.
Max CVSS
3.1
EPSS Score
1.78%
Published
2020-04-01
Updated
2022-06-02
An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the "APNs Server" component. It allows man-in-the-middle attackers to track users via correlation with this certificate.
Max CVSS
3.5
EPSS Score
0.16%
Published
2017-04-02
Updated
2017-07-12
Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information.
Max CVSS
2.6
EPSS Score
0.21%
Published
2008-09-11
Updated
2008-09-11
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.
Max CVSS
2.6
EPSS Score
1.87%
Published
2007-02-20
Updated
2018-10-16
5 vulnerabilities found