Vulnerability CVE-2019-8801


Published: 2019-12-18

Description:
A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.

Type:

CWE-426

(Untrusted Search Path)

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.4/10
6.4/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Apple -> Itunes 
Apple -> Mac os x 

 References:
https://support.apple.com/HT210722
https://support.apple.com/HT210726

Copyright 2020, cxsecurity.com

 

Back to Top