Search

Find a vulnerability

Search criteria

    384 vulnerabilities found for iTunes for Windows by Apple

    CVE-2024-44157 (GCVE-0-2024-44157)

    Vulnerability from nvd – Published: 2024-10-11 17:26 – Updated: 2026-04-02 18:16
    VLAI
    Summary
    A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Parsing a maliciously crafted video file may lead to unexpected system termination
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Apple Apple TV Affected: 0 , < 1.5.0 (custom)
    Create a notification for this product.
    Apple iTunes for Windows Affected: 0 , < 12.13.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-44157",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T18:21:33.448425Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-27T01:45:07.331Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apple TV",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "1.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.13.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Parsing a maliciously crafted video file may lead to unexpected system termination",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:16:25.758Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/121328"
            },
            {
              "url": "https://support.apple.com/en-us/121441"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-44157",
        "datePublished": "2024-10-11T17:26:55.533Z",
        "dateReserved": "2024-08-20T21:42:05.924Z",
        "dateUpdated": "2026-04-02T18:16:25.758Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-44193 (GCVE-0-2024-44193)

    Vulnerability from nvd – Published: 2024-10-02 14:24 – Updated: 2026-04-02 18:08
    VLAI
    Summary
    A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • A local attacker may be able to elevate their privileges
    • CWE-281 - Improper Preservation of Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apple iTunes for Windows Affected: 0 , < 12.13.3 (custom)
    Create a notification for this product.
    apple itunes Affected: 0 , < 12.13.3 (custom)
        cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "itunes",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "12.13.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-44193",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T16:18:43.155219Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-281",
                    "description": "CWE-281 Improper Preservation of Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T15:46:57.432Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.13.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A local attacker may be able to elevate their privileges",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:08:19.183Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/121328"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-44193",
        "datePublished": "2024-10-02T14:24:36.119Z",
        "dateReserved": "2024-08-20T21:42:05.934Z",
        "dateUpdated": "2026-04-02T18:08:19.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-27793 (GCVE-0-2024-27793)

    Vulnerability from nvd – Published: 2024-05-08 22:15 – Updated: 2026-04-02 18:17
    VLAI
    Summary
    The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows. Parsing a file may lead to an unexpected app termination or arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Parsing a file may lead to an unexpected app termination or arbitrary code execution
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Apple iTunes for Windows Affected: 0 , < 12.13.2 (custom)
    Create a notification for this product.
    apple itunes Affected: 12.13.2
        cpe:2.3:a:apple:itunes:12.13.2:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:apple:itunes:12.13.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "itunes",
                "vendor": "apple",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.13.2"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-27793",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-05T14:40:53.280615Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T13:48:11.035Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:18:05.159Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214099"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/May/8"
              },
              {
                "url": "https://support.apple.com/kb/HT214099"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.13.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows. Parsing a file may lead to an unexpected app termination or arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Parsing a file may lead to an unexpected app termination or arbitrary code execution",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:17:24.029Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120897"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-27793",
        "datePublished": "2024-05-08T22:15:21.788Z",
        "dateReserved": "2024-02-26T15:32:28.515Z",
        "dateUpdated": "2026-04-02T18:17:24.029Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-48611 (GCVE-0-2022-48611)

    Vulnerability from nvd – Published: 2024-04-26 19:40 – Updated: 2024-09-06 17:48
    VLAI
    Summary
    A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • A local attacker may be able to elevate their privileges
    • CWE-693 - Protection Mechanism Failure
    Assigner
    Impacted products
    Vendor Product Version
    Apple iTunes for Windows Affected: unspecified , < 12.12.4 (custom)
    Create a notification for this product.
    apple itunes Affected: 0 , < 12.12.4 (custom)
        cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:17:55.508Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.claris.com/s/answerview?anum=000041674\u0026language=en_US"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "itunes",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "12.12.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-48611",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-08T15:19:38.845531Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-693",
                    "description": "CWE-693 Protection Mechanism Failure",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-06T17:48:52.571Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.12.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A local attacker may be able to elevate their privileges",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-26T19:40:16.059Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.claris.com/s/answerview?anum=000041674\u0026language=en_US"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2022-48611",
        "datePublished": "2024-04-26T19:40:16.059Z",
        "dateReserved": "2023-10-05T14:34:47.489Z",
        "dateUpdated": "2024-09-06T17:48:52.571Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42938 (GCVE-0-2023-42938)

    Vulnerability from nvd – Published: 2024-03-14 18:24 – Updated: 2025-03-28 20:47
    VLAI
    Summary
    A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.13.1 for Windows. A local attacker may be able to elevate their privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • A local attacker may be able to elevate their privileges
    • CWE-693 - Protection Mechanism Failure
    Assigner
    Impacted products
    Vendor Product Version
    Apple iTunes for Windows Affected: unspecified , < 12.13 (custom)
    Create a notification for this product.
    apple itunes Affected: 0 , < 12.13.1 (custom)
        cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:37:21.907Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214091"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214091"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "itunes",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "12.13.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42938",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-15T17:16:01.845440Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-693",
                    "description": "CWE-693 Protection Mechanism Failure",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-28T20:47:45.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.13",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.13.1 for Windows. A local attacker may be able to elevate their privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A local attacker may be able to elevate their privileges",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-14T18:25:06.268Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/HT214091"
            },
            {
              "url": "https://support.apple.com/kb/HT214091"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-42938",
        "datePublished": "2024-03-14T18:24:02.258Z",
        "dateReserved": "2023-09-14T19:05:11.471Z",
        "dateUpdated": "2025-03-28T20:47:45.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32353 (GCVE-0-2023-32353)

    Vulnerability from nvd – Published: 2023-06-23 00:00 – Updated: 2024-12-05 16:01
    VLAI
    Summary
    A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to elevate privileges
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apple iTunes for Windows Affected: unspecified , < 12.12 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:10:24.930Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213763"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32353",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-05T15:58:41.973984Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T16:01:25.265Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to elevate privileges",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-27T03:45:57.372Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/HT213763"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-32353",
        "datePublished": "2023-06-23T00:00:00.000Z",
        "dateReserved": "2023-05-08T00:00:00.000Z",
        "dateUpdated": "2024-12-05T16:01:25.265Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32351 (GCVE-0-2023-32351)

    Vulnerability from nvd – Published: 2023-06-23 00:00 – Updated: 2024-12-05 16:57
    VLAI
    Summary
    A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to gain elevated privileges
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apple iTunes for Windows Affected: unspecified , < 12.12 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:10:25.015Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213763"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32351",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-05T16:56:34.787907Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-276",
                    "description": "CWE-276 Incorrect Default Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T16:57:21.486Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to gain elevated privileges",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-27T03:46:17.730Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/HT213763"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-32351",
        "datePublished": "2023-06-23T00:00:00.000Z",
        "dateReserved": "2023-05-08T00:00:00.000Z",
        "dateUpdated": "2024-12-05T16:57:21.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36521 (GCVE-0-2020-36521)

    Vulnerability from nvd – Published: 2022-09-23 18:58 – Updated: 2025-05-22 15:33
    VLAI
    Summary
    An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents
    • CWE-125 - Out-of-bounds Read
    Assigner
    Impacted products
    Vendor Product Version
    Apple iTunes for Windows Affected: unspecified , < 12.10 (custom)
    Create a notification for this product.
    Apple iOS and iPadOS Affected: unspecified , < 14.0 (custom)
    Create a notification for this product.
    Apple iCloud for Windows Affected: unspecified , < 11.4 (custom)
    Create a notification for this product.
    Apple iCloud for Windows Affected: unspecified , < 7.21 (custom)
    Create a notification for this product.
    Apple watchOS Affected: unspecified , < 7.0 (custom)
    Create a notification for this product.
    Apple watchOS Affected: unspecified , < 14.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:30:08.378Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT211843"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT211850"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT211844"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT211952"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT211847"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT211846"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36521",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T15:33:51.276210Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T15:33:57.293Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iCloud for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "11.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iCloud for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "7.21",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "7.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-23T18:58:31.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT211843"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT211850"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT211844"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT211952"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT211847"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT211846"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2020-36521",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iTunes for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "12.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iOS and iPadOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "14.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iCloud for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "11.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iCloud for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "watchOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "watchOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "14.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apple"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.apple.com/en-us/HT211843",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT211843"
                },
                {
                  "name": "https://support.apple.com/en-us/HT211850",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT211850"
                },
                {
                  "name": "https://support.apple.com/en-us/HT211844",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT211844"
                },
                {
                  "name": "https://support.apple.com/en-us/HT211952",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT211952"
                },
                {
                  "name": "https://support.apple.com/en-us/HT211847",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT211847"
                },
                {
                  "name": "https://support.apple.com/en-us/HT211846",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT211846"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2020-36521",
        "datePublished": "2022-09-23T18:58:31.000Z",
        "dateReserved": "2022-03-28T00:00:00.000Z",
        "dateUpdated": "2025-05-22T15:33:57.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26774 (GCVE-0-2022-26774)

    Vulnerability from nvd – Published: 2022-05-26 19:28 – Updated: 2025-05-30 16:56
    VLAI
    Summary
    A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • A local attacker may be able to elevate their privileges
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    URL Tags
    https://support.apple.com/en-us/HT213259 x_refsource_MISC
    Impacted products
    Vendor Product Version
    Apple iTunes for Windows Affected: unspecified , < 12.12 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:11:44.523Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213259"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-30T16:56:28.861089Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-693",
                    "description": "CWE-693 Protection Mechanism Failure",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-30T16:56:37.973Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A local attacker may be able to elevate their privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-26T19:28:46.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT213259"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2022-26774",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iTunes for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "12.12"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apple"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "A local attacker may be able to elevate their privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.apple.com/en-us/HT213259",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT213259"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2022-26774",
        "datePublished": "2022-05-26T19:28:46.000Z",
        "dateReserved": "2022-03-08T00:00:00.000Z",
        "dateUpdated": "2025-05-30T16:56:37.973Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26773 (GCVE-0-2022-26773)

    Vulnerability from nvd – Published: 2022-05-26 19:28 – Updated: 2025-05-30 16:57
    VLAI
    Summary
    A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An application may be able to delete files for which it does not have permission
    • CWE-285 - Improper Authorization
    Assigner
    References
    URL Tags
    https://support.apple.com/en-us/HT213259 x_refsource_MISC
    Impacted products
    Vendor Product Version
    Apple iTunes for Windows Affected: unspecified , < 12.12 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:11:44.504Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213259"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26773",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-30T16:57:47.040336Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-285",
                    "description": "CWE-285 Improper Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-30T16:57:55.555Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An application may be able to delete files for which it does not have permission",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-26T19:28:04.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT213259"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2022-26773",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iTunes for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "12.12"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apple"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "An application may be able to delete files for which it does not have permission"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.apple.com/en-us/HT213259",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT213259"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2022-26773",
        "datePublished": "2022-05-26T19:28:04.000Z",
        "dateReserved": "2022-03-08T00:00:00.000Z",
        "dateUpdated": "2025-05-30T16:57:55.555Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-4302 (GCVE-0-2018-4302)

    Vulnerability from nvd – Published: 2021-12-23 19:48 – Updated: 2024-08-05 05:11
    VLAI
    Summary
    A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS Affected: unspecified , < 11 (custom)
    Create a notification for this product.
    Apple watchOS Affected: unspecified , < 4 (custom)
    Create a notification for this product.
    Apple iTunes for Windows Affected: unspecified , < 12.7 (custom)
    Create a notification for this product.
    Apple iCloud for Windows Affected: unspecified , < 7.0 (custom)
    Create a notification for this product.
    Apple macOS Affected: unspecified , < 10.13 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:11:22.509Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT208144"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT208112"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT208115"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT208141"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT208142"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iCloud for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "7.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.13",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-23T19:48:29.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT208144"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT208112"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT208115"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT208141"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT208142"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2018-4302",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "11"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "watchOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iTunes for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "12.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iCloud for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "10.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apple"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.apple.com/en-us/HT208144",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT208144"
                },
                {
                  "name": "https://support.apple.com/en-us/HT208112",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT208112"
                },
                {
                  "name": "https://support.apple.com/en-us/HT208115",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT208115"
                },
                {
                  "name": "https://support.apple.com/en-us/HT208141",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT208141"
                },
                {
                  "name": "https://support.apple.com/en-us/HT208142",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT208142"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2018-4302",
        "datePublished": "2021-12-23T19:48:29.000Z",
        "dateReserved": "2018-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-05T05:11:22.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-30849 (GCVE-0-2021-30849)

    Vulnerability from nvd – Published: 2021-10-19 13:11 – Updated: 2024-08-03 22:48
    VLAI
    Summary
    Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Processing maliciously crafted web content may lead to arbitrary code execution
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: unspecified , < 14.8 (custom)
    Create a notification for this product.
    Apple iOS and iPadOS Affected: unspecified , < 15 (custom)
    Create a notification for this product.
    Apple tvOS Affected: unspecified , < 15 (custom)
    Create a notification for this product.
    Apple Safari Affected: unspecified , < 15 (custom)
    Create a notification for this product.
    Apple iTunes for Windows Affected: unspecified , < 12.12 (custom)
    Create a notification for this product.
    Apple watchOS Affected: unspecified , < 8 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T22:48:13.917Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212807"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212814"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212819"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212815"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212817"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212816"
              },
              {
                "name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
              },
              {
                "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
              },
              {
                "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
              },
              {
                "name": "20211027 APPLE-SA-2021-10-26-8 Additional information for APPLE-SA-2021-09-20-5 Safari 15",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Oct/60"
              },
              {
                "name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
              },
              {
                "name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
              },
              {
                "name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
              },
              {
                "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT212869"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT212953"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may lead to arbitrary code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-19T12:06:18.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212807"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212814"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212819"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212815"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212817"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212816"
            },
            {
              "name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
            },
            {
              "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
            },
            {
              "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-8 Additional information for APPLE-SA-2021-09-20-5 Safari 15",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Oct/60"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
            },
            {
              "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/kb/HT212869"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/kb/HT212953"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2021-30849",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iOS and iPadOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "14.8"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iOS and iPadOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "15"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "tvOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "15"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Safari",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "15"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iTunes for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "12.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "watchOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apple"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Processing maliciously crafted web content may lead to arbitrary code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.apple.com/en-us/HT212807",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212807"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212814",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212814"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212819",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212819"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212815",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212815"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212817",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212817"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212816",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212816"
                },
                {
                  "name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
                },
                {
                  "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
                },
                {
                  "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
                },
                {
                  "name": "20211027 APPLE-SA-2021-10-26-8 Additional information for APPLE-SA-2021-09-20-5 Safari 15",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Oct/60"
                },
                {
                  "name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
                },
                {
                  "name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
                },
                {
                  "name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
                },
                {
                  "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
                },
                {
                  "name": "https://support.apple.com/kb/HT212869",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/kb/HT212869"
                },
                {
                  "name": "https://support.apple.com/kb/HT212953",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/kb/HT212953"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2021-30849",
        "datePublished": "2021-10-19T13:11:42.000Z",
        "dateReserved": "2021-04-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T22:48:13.917Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-30835 (GCVE-0-2021-30835)

    Vulnerability from nvd – Published: 2021-10-19 13:11 – Updated: 2024-08-03 22:48
    VLAI
    Summary
    This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Processing a maliciously crafted image may lead to arbitrary code execution
    Assigner
    Impacted products
    Vendor Product Version
    Apple Security Update - Catalina Affected: unspecified , < 2021 (custom)
    Create a notification for this product.
    Apple iOS and iPadOS Affected: unspecified , < 15 (custom)
    Create a notification for this product.
    Apple tvOS Affected: unspecified , < 15 (custom)
    Create a notification for this product.
    Apple iTunes for Windows Affected: unspecified , < 12.12 (custom)
    Create a notification for this product.
    Apple watchOS Affected: unspecified , < 8 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T22:48:14.173Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT212804"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212805"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212814"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212819"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212815"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212817"
              },
              {
                "name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
              },
              {
                "name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
              },
              {
                "name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT212953"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Security Update - Catalina",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "2021",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing a maliciously crafted image may lead to arbitrary code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-20T20:07:05.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/kb/HT212804"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212805"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212814"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212819"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212815"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212817"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/kb/HT212953"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2021-30835",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Security Update - Catalina",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2021"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iOS and iPadOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "15"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "tvOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "15"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iTunes for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "12.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "watchOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apple"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Processing a maliciously crafted image may lead to arbitrary code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.apple.com/kb/HT212804",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/kb/HT212804"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212805",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212805"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212814",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212814"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212819",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212819"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212815",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212815"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212817",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212817"
                },
                {
                  "name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
                },
                {
                  "name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
                },
                {
                  "name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
                },
                {
                  "name": "https://support.apple.com/kb/HT212953",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/kb/HT212953"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2021-30835",
        "datePublished": "2021-10-19T13:11:52.000Z",
        "dateReserved": "2021-04-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T22:48:14.173Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1857 (GCVE-0-2021-1857)

    Vulnerability from nvd – Published: 2021-09-08 14:44 – Updated: 2024-08-03 16:25
    VLAI
    Summary
    A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may disclose sensitive user information.
    Severity
    No CVSS data available.
    CWE
    • Processing maliciously crafted web content may disclose sensitive user information
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: unspecified , < 14.5 (custom)
    Create a notification for this product.
    Apple iTunes for Windows Affected: unspecified , < 12.11 (custom)
    Create a notification for this product.
    Apple iCloud for Windows Affected: unspecified , < 12.3 (custom)
    Create a notification for this product.
    Apple tvOS Affected: unspecified , < 14.5 (custom)
    Create a notification for this product.
    Apple watchOS Affected: unspecified , < 7.4 (custom)
    Create a notification for this product.
    Apple macOS Affected: unspecified , < 11.3 (custom)
    Create a notification for this product.
    Apple macOS Affected: unspecified , < 2021 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:25:06.165Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212317"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212323"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212324"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212325"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212326"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212327"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212319"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212321"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iCloud for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "7.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "11.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "2021",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "2021",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may disclose sensitive user information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may disclose sensitive user information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-08T14:44:51.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212317"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212323"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212324"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212325"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212326"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212327"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212319"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212321"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2021-1857",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iOS and iPadOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "14.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iTunes for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "12.11"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iCloud for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "12.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "tvOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "14.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "watchOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "11.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2021"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2021"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apple"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may disclose sensitive user information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Processing maliciously crafted web content may disclose sensitive user information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.apple.com/en-us/HT212317",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212317"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212323",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212323"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212324",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212324"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212325",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212325"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212326",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212326"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212327",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212327"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212319",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212319"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212321",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212321"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2021-1857",
        "datePublished": "2021-09-08T14:44:51.000Z",
        "dateReserved": "2020-12-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T16:25:06.165Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1825 (GCVE-0-2021-1825)

    Vulnerability from nvd – Published: 2021-09-08 14:55 – Updated: 2024-08-03 16:25
    VLAI
    Summary
    An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack.
    Severity
    No CVSS data available.
    CWE
    • Processing maliciously crafted web content may lead to a cross site scripting attack
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: unspecified , < 14.5 (custom)
    Create a notification for this product.
    Apple Safari Affected: unspecified , < 14.1 (custom)
    Create a notification for this product.
    Apple iTunes for Windows Affected: unspecified , < 12.11 (custom)
    Create a notification for this product.
    Apple iCloud for Windows Affected: unspecified , < 12.3 (custom)
    Create a notification for this product.
    Apple tvOS Affected: unspecified , < 14.5 (custom)
    Create a notification for this product.
    Apple watchOS Affected: unspecified , < 7.4 (custom)
    Create a notification for this product.
    Apple macOS Affected: unspecified , < 11.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:25:05.904Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212317"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212323"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212324"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212325"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212318"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212319"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212321"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iCloud for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "7.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "11.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may lead to a cross site scripting attack",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-08T14:55:15.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212317"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212323"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212324"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212325"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212318"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212319"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212321"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2021-1825",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iOS and iPadOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "14.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Safari",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "14.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iTunes for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "12.11"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iCloud for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "12.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "tvOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "14.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "watchOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "11.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apple"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Processing maliciously crafted web content may lead to a cross site scripting attack"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.apple.com/en-us/HT212317",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212317"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212323",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212323"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212324",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212324"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212325",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212325"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212318",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212318"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212319",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212319"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212321",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212321"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2021-1825",
        "datePublished": "2021-09-08T14:55:15.000Z",
        "dateReserved": "2020-12-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T16:25:05.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1811 (GCVE-0-2021-1811)

    Vulnerability from nvd – Published: 2021-09-08 14:55 – Updated: 2024-08-03 16:25
    VLAI
    Summary
    A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted font may result in the disclosure of process memory.
    Severity
    No CVSS data available.
    CWE
    • Processing a maliciously crafted font may result in the disclosure of process memory
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: unspecified , < 14.5 (custom)
    Create a notification for this product.
    Apple iTunes for Windows Affected: unspecified , < 12.11 (custom)
    Create a notification for this product.
    Apple iCloud for Windows Affected: unspecified , < 12.3 (custom)
    Create a notification for this product.
    Apple tvOS Affected: unspecified , < 14.5 (custom)
    Create a notification for this product.
    Apple watchOS Affected: unspecified , < 7.4 (custom)
    Create a notification for this product.
    Apple macOS Affected: unspecified , < 11.3 (custom)
    Create a notification for this product.
    Apple macOS Affected: unspecified , < 2021 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:25:06.271Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212317"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212323"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212324"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212325"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212326"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212327"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212319"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212321"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iCloud for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "7.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "11.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "2021",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "2021",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted font may result in the disclosure of process memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing a maliciously crafted font may result in the disclosure of process memory",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-08T14:55:54.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212317"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212323"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212324"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212325"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212326"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212327"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212319"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212321"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2021-1811",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iOS and iPadOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "14.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iTunes for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "12.11"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iCloud for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "12.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "tvOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "14.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "watchOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "11.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2021"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2021"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apple"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted font may result in the disclosure of process memory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Processing a maliciously crafted font may result in the disclosure of process memory"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.apple.com/en-us/HT212317",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212317"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212323",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212323"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212324",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212324"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212325",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212325"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212326",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212326"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212327",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212327"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212319",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212319"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212321",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212321"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2021-1811",
        "datePublished": "2021-09-08T14:55:54.000Z",
        "dateReserved": "2020-12-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T16:25:06.271Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-44157 (GCVE-0-2024-44157)

    Vulnerability from cvelistv5 – Published: 2024-10-11 17:26 – Updated: 2026-04-02 18:16
    VLAI
    Summary
    A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Parsing a maliciously crafted video file may lead to unexpected system termination
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Apple Apple TV Affected: 0 , < 1.5.0 (custom)
    Create a notification for this product.
    Apple iTunes for Windows Affected: 0 , < 12.13.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-44157",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T18:21:33.448425Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-27T01:45:07.331Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apple TV",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "1.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.13.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Parsing a maliciously crafted video file may lead to unexpected system termination",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:16:25.758Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/121328"
            },
            {
              "url": "https://support.apple.com/en-us/121441"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-44157",
        "datePublished": "2024-10-11T17:26:55.533Z",
        "dateReserved": "2024-08-20T21:42:05.924Z",
        "dateUpdated": "2026-04-02T18:16:25.758Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-44193 (GCVE-0-2024-44193)

    Vulnerability from cvelistv5 – Published: 2024-10-02 14:24 – Updated: 2026-04-02 18:08
    VLAI
    Summary
    A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • A local attacker may be able to elevate their privileges
    • CWE-281 - Improper Preservation of Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apple iTunes for Windows Affected: 0 , < 12.13.3 (custom)
    Create a notification for this product.
    apple itunes Affected: 0 , < 12.13.3 (custom)
        cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "itunes",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "12.13.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-44193",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T16:18:43.155219Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-281",
                    "description": "CWE-281 Improper Preservation of Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T15:46:57.432Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.13.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A local attacker may be able to elevate their privileges",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:08:19.183Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/121328"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-44193",
        "datePublished": "2024-10-02T14:24:36.119Z",
        "dateReserved": "2024-08-20T21:42:05.934Z",
        "dateUpdated": "2026-04-02T18:08:19.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-27793 (GCVE-0-2024-27793)

    Vulnerability from cvelistv5 – Published: 2024-05-08 22:15 – Updated: 2026-04-02 18:17
    VLAI
    Summary
    The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows. Parsing a file may lead to an unexpected app termination or arbitrary code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Parsing a file may lead to an unexpected app termination or arbitrary code execution
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Apple iTunes for Windows Affected: 0 , < 12.13.2 (custom)
    Create a notification for this product.
    apple itunes Affected: 12.13.2
        cpe:2.3:a:apple:itunes:12.13.2:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:apple:itunes:12.13.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "itunes",
                "vendor": "apple",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.13.2"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-27793",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-05T14:40:53.280615Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T13:48:11.035Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:18:05.159Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214099"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/May/8"
              },
              {
                "url": "https://support.apple.com/kb/HT214099"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.13.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows. Parsing a file may lead to an unexpected app termination or arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Parsing a file may lead to an unexpected app termination or arbitrary code execution",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:17:24.029Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120897"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-27793",
        "datePublished": "2024-05-08T22:15:21.788Z",
        "dateReserved": "2024-02-26T15:32:28.515Z",
        "dateUpdated": "2026-04-02T18:17:24.029Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-48611 (GCVE-0-2022-48611)

    Vulnerability from cvelistv5 – Published: 2024-04-26 19:40 – Updated: 2024-09-06 17:48
    VLAI
    Summary
    A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • A local attacker may be able to elevate their privileges
    • CWE-693 - Protection Mechanism Failure
    Assigner
    Impacted products
    Vendor Product Version
    Apple iTunes for Windows Affected: unspecified , < 12.12.4 (custom)
    Create a notification for this product.
    apple itunes Affected: 0 , < 12.12.4 (custom)
        cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T15:17:55.508Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.claris.com/s/answerview?anum=000041674\u0026language=en_US"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "itunes",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "12.12.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-48611",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-08T15:19:38.845531Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-693",
                    "description": "CWE-693 Protection Mechanism Failure",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-06T17:48:52.571Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.12.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A local attacker may be able to elevate their privileges",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-26T19:40:16.059Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.claris.com/s/answerview?anum=000041674\u0026language=en_US"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2022-48611",
        "datePublished": "2024-04-26T19:40:16.059Z",
        "dateReserved": "2023-10-05T14:34:47.489Z",
        "dateUpdated": "2024-09-06T17:48:52.571Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-42938 (GCVE-0-2023-42938)

    Vulnerability from cvelistv5 – Published: 2024-03-14 18:24 – Updated: 2025-03-28 20:47
    VLAI
    Summary
    A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.13.1 for Windows. A local attacker may be able to elevate their privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • A local attacker may be able to elevate their privileges
    • CWE-693 - Protection Mechanism Failure
    Assigner
    Impacted products
    Vendor Product Version
    Apple iTunes for Windows Affected: unspecified , < 12.13 (custom)
    Create a notification for this product.
    apple itunes Affected: 0 , < 12.13.1 (custom)
        cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:37:21.907Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214091"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT214091"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "itunes",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "12.13.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42938",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-15T17:16:01.845440Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-693",
                    "description": "CWE-693 Protection Mechanism Failure",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-28T20:47:45.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.13",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.13.1 for Windows. A local attacker may be able to elevate their privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A local attacker may be able to elevate their privileges",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-14T18:25:06.268Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/HT214091"
            },
            {
              "url": "https://support.apple.com/kb/HT214091"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-42938",
        "datePublished": "2024-03-14T18:24:02.258Z",
        "dateReserved": "2023-09-14T19:05:11.471Z",
        "dateUpdated": "2025-03-28T20:47:45.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32351 (GCVE-0-2023-32351)

    Vulnerability from cvelistv5 – Published: 2023-06-23 00:00 – Updated: 2024-12-05 16:57
    VLAI
    Summary
    A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to gain elevated privileges
    • CWE-276 - Incorrect Default Permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apple iTunes for Windows Affected: unspecified , < 12.12 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:10:25.015Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213763"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32351",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-05T16:56:34.787907Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-276",
                    "description": "CWE-276 Incorrect Default Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T16:57:21.486Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to gain elevated privileges",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-27T03:46:17.730Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/HT213763"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-32351",
        "datePublished": "2023-06-23T00:00:00.000Z",
        "dateReserved": "2023-05-08T00:00:00.000Z",
        "dateUpdated": "2024-12-05T16:57:21.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32353 (GCVE-0-2023-32353)

    Vulnerability from cvelistv5 – Published: 2023-06-23 00:00 – Updated: 2024-12-05 16:01
    VLAI
    Summary
    A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • An app may be able to elevate privileges
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apple iTunes for Windows Affected: unspecified , < 12.12 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:10:24.930Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213763"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32353",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-05T15:58:41.973984Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T16:01:25.265Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An app may be able to elevate privileges",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-27T03:45:57.372Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/HT213763"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-32353",
        "datePublished": "2023-06-23T00:00:00.000Z",
        "dateReserved": "2023-05-08T00:00:00.000Z",
        "dateUpdated": "2024-12-05T16:01:25.265Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36521 (GCVE-0-2020-36521)

    Vulnerability from cvelistv5 – Published: 2022-09-23 18:58 – Updated: 2025-05-22 15:33
    VLAI
    Summary
    An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents
    • CWE-125 - Out-of-bounds Read
    Assigner
    Impacted products
    Vendor Product Version
    Apple iTunes for Windows Affected: unspecified , < 12.10 (custom)
    Create a notification for this product.
    Apple iOS and iPadOS Affected: unspecified , < 14.0 (custom)
    Create a notification for this product.
    Apple iCloud for Windows Affected: unspecified , < 11.4 (custom)
    Create a notification for this product.
    Apple iCloud for Windows Affected: unspecified , < 7.21 (custom)
    Create a notification for this product.
    Apple watchOS Affected: unspecified , < 7.0 (custom)
    Create a notification for this product.
    Apple watchOS Affected: unspecified , < 14.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:30:08.378Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT211843"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT211850"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT211844"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT211952"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT211847"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT211846"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36521",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T15:33:51.276210Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T15:33:57.293Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iCloud for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "11.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iCloud for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "7.21",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "7.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-23T18:58:31.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT211843"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT211850"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT211844"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT211952"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT211847"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT211846"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2020-36521",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iTunes for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "12.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iOS and iPadOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "14.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iCloud for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "11.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iCloud for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "watchOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "watchOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "14.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apple"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.apple.com/en-us/HT211843",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT211843"
                },
                {
                  "name": "https://support.apple.com/en-us/HT211850",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT211850"
                },
                {
                  "name": "https://support.apple.com/en-us/HT211844",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT211844"
                },
                {
                  "name": "https://support.apple.com/en-us/HT211952",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT211952"
                },
                {
                  "name": "https://support.apple.com/en-us/HT211847",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT211847"
                },
                {
                  "name": "https://support.apple.com/en-us/HT211846",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT211846"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2020-36521",
        "datePublished": "2022-09-23T18:58:31.000Z",
        "dateReserved": "2022-03-28T00:00:00.000Z",
        "dateUpdated": "2025-05-22T15:33:57.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26774 (GCVE-0-2022-26774)

    Vulnerability from cvelistv5 – Published: 2022-05-26 19:28 – Updated: 2025-05-30 16:56
    VLAI
    Summary
    A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • A local attacker may be able to elevate their privileges
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    URL Tags
    https://support.apple.com/en-us/HT213259 x_refsource_MISC
    Impacted products
    Vendor Product Version
    Apple iTunes for Windows Affected: unspecified , < 12.12 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:11:44.523Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213259"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-30T16:56:28.861089Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-693",
                    "description": "CWE-693 Protection Mechanism Failure",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-30T16:56:37.973Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A local attacker may be able to elevate their privileges",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-26T19:28:46.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT213259"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2022-26774",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iTunes for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "12.12"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apple"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "A local attacker may be able to elevate their privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.apple.com/en-us/HT213259",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT213259"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2022-26774",
        "datePublished": "2022-05-26T19:28:46.000Z",
        "dateReserved": "2022-03-08T00:00:00.000Z",
        "dateUpdated": "2025-05-30T16:56:37.973Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26773 (GCVE-0-2022-26773)

    Vulnerability from cvelistv5 – Published: 2022-05-26 19:28 – Updated: 2025-05-30 16:57
    VLAI
    Summary
    A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • An application may be able to delete files for which it does not have permission
    • CWE-285 - Improper Authorization
    Assigner
    References
    URL Tags
    https://support.apple.com/en-us/HT213259 x_refsource_MISC
    Impacted products
    Vendor Product Version
    Apple iTunes for Windows Affected: unspecified , < 12.12 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:11:44.504Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213259"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26773",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-30T16:57:47.040336Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-285",
                    "description": "CWE-285 Improper Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-30T16:57:55.555Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An application may be able to delete files for which it does not have permission",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-26T19:28:04.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT213259"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2022-26773",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iTunes for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "12.12"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apple"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "An application may be able to delete files for which it does not have permission"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.apple.com/en-us/HT213259",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT213259"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2022-26773",
        "datePublished": "2022-05-26T19:28:04.000Z",
        "dateReserved": "2022-03-08T00:00:00.000Z",
        "dateUpdated": "2025-05-30T16:57:55.555Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-4302 (GCVE-0-2018-4302)

    Vulnerability from cvelistv5 – Published: 2021-12-23 19:48 – Updated: 2024-08-05 05:11
    VLAI
    Summary
    A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS Affected: unspecified , < 11 (custom)
    Create a notification for this product.
    Apple watchOS Affected: unspecified , < 4 (custom)
    Create a notification for this product.
    Apple iTunes for Windows Affected: unspecified , < 12.7 (custom)
    Create a notification for this product.
    Apple iCloud for Windows Affected: unspecified , < 7.0 (custom)
    Create a notification for this product.
    Apple macOS Affected: unspecified , < 10.13 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:11:22.509Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT208144"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT208112"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT208115"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT208141"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT208142"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iCloud for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "7.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.13",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-23T19:48:29.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT208144"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT208112"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT208115"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT208141"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT208142"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2018-4302",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "11"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "watchOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iTunes for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "12.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iCloud for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "10.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apple"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.apple.com/en-us/HT208144",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT208144"
                },
                {
                  "name": "https://support.apple.com/en-us/HT208112",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT208112"
                },
                {
                  "name": "https://support.apple.com/en-us/HT208115",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT208115"
                },
                {
                  "name": "https://support.apple.com/en-us/HT208141",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT208141"
                },
                {
                  "name": "https://support.apple.com/en-us/HT208142",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT208142"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2018-4302",
        "datePublished": "2021-12-23T19:48:29.000Z",
        "dateReserved": "2018-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-05T05:11:22.509Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-30835 (GCVE-0-2021-30835)

    Vulnerability from cvelistv5 – Published: 2021-10-19 13:11 – Updated: 2024-08-03 22:48
    VLAI
    Summary
    This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Processing a maliciously crafted image may lead to arbitrary code execution
    Assigner
    Impacted products
    Vendor Product Version
    Apple Security Update - Catalina Affected: unspecified , < 2021 (custom)
    Create a notification for this product.
    Apple iOS and iPadOS Affected: unspecified , < 15 (custom)
    Create a notification for this product.
    Apple tvOS Affected: unspecified , < 15 (custom)
    Create a notification for this product.
    Apple iTunes for Windows Affected: unspecified , < 12.12 (custom)
    Create a notification for this product.
    Apple watchOS Affected: unspecified , < 8 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T22:48:14.173Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT212804"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212805"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212814"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212819"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212815"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212817"
              },
              {
                "name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
              },
              {
                "name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
              },
              {
                "name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT212953"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Security Update - Catalina",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "2021",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing a maliciously crafted image may lead to arbitrary code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-20T20:07:05.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/kb/HT212804"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212805"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212814"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212819"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212815"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212817"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/kb/HT212953"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2021-30835",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Security Update - Catalina",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2021"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iOS and iPadOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "15"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "tvOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "15"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iTunes for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "12.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "watchOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apple"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Processing a maliciously crafted image may lead to arbitrary code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.apple.com/kb/HT212804",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/kb/HT212804"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212805",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212805"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212814",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212814"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212819",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212819"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212815",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212815"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212817",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212817"
                },
                {
                  "name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
                },
                {
                  "name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
                },
                {
                  "name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
                },
                {
                  "name": "https://support.apple.com/kb/HT212953",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/kb/HT212953"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2021-30835",
        "datePublished": "2021-10-19T13:11:52.000Z",
        "dateReserved": "2021-04-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T22:48:14.173Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-30849 (GCVE-0-2021-30849)

    Vulnerability from cvelistv5 – Published: 2021-10-19 13:11 – Updated: 2024-08-03 22:48
    VLAI
    Summary
    Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Processing maliciously crafted web content may lead to arbitrary code execution
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: unspecified , < 14.8 (custom)
    Create a notification for this product.
    Apple iOS and iPadOS Affected: unspecified , < 15 (custom)
    Create a notification for this product.
    Apple tvOS Affected: unspecified , < 15 (custom)
    Create a notification for this product.
    Apple Safari Affected: unspecified , < 15 (custom)
    Create a notification for this product.
    Apple iTunes for Windows Affected: unspecified , < 12.12 (custom)
    Create a notification for this product.
    Apple watchOS Affected: unspecified , < 8 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T22:48:13.917Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212807"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212814"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212819"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212815"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212817"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212816"
              },
              {
                "name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
              },
              {
                "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
              },
              {
                "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
              },
              {
                "name": "20211027 APPLE-SA-2021-10-26-8 Additional information for APPLE-SA-2021-09-20-5 Safari 15",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Oct/60"
              },
              {
                "name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
              },
              {
                "name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
              },
              {
                "name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
              },
              {
                "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT212869"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/kb/HT212953"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may lead to arbitrary code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-19T12:06:18.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212807"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212814"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212819"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212815"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212817"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212816"
            },
            {
              "name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
            },
            {
              "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
            },
            {
              "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-8 Additional information for APPLE-SA-2021-09-20-5 Safari 15",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Oct/60"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
            },
            {
              "name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
            },
            {
              "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/kb/HT212869"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/kb/HT212953"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2021-30849",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iOS and iPadOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "14.8"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iOS and iPadOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "15"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "tvOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "15"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Safari",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "15"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iTunes for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "12.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "watchOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apple"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Processing maliciously crafted web content may lead to arbitrary code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.apple.com/en-us/HT212807",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212807"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212814",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212814"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212819",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212819"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212815",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212815"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212817",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212817"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212816",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212816"
                },
                {
                  "name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
                },
                {
                  "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
                },
                {
                  "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
                },
                {
                  "name": "20211027 APPLE-SA-2021-10-26-8 Additional information for APPLE-SA-2021-09-20-5 Safari 15",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Oct/60"
                },
                {
                  "name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
                },
                {
                  "name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
                },
                {
                  "name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
                },
                {
                  "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
                },
                {
                  "name": "https://support.apple.com/kb/HT212869",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/kb/HT212869"
                },
                {
                  "name": "https://support.apple.com/kb/HT212953",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/kb/HT212953"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2021-30849",
        "datePublished": "2021-10-19T13:11:42.000Z",
        "dateReserved": "2021-04-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T22:48:13.917Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1811 (GCVE-0-2021-1811)

    Vulnerability from cvelistv5 – Published: 2021-09-08 14:55 – Updated: 2024-08-03 16:25
    VLAI
    Summary
    A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted font may result in the disclosure of process memory.
    Severity
    No CVSS data available.
    CWE
    • Processing a maliciously crafted font may result in the disclosure of process memory
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: unspecified , < 14.5 (custom)
    Create a notification for this product.
    Apple iTunes for Windows Affected: unspecified , < 12.11 (custom)
    Create a notification for this product.
    Apple iCloud for Windows Affected: unspecified , < 12.3 (custom)
    Create a notification for this product.
    Apple tvOS Affected: unspecified , < 14.5 (custom)
    Create a notification for this product.
    Apple watchOS Affected: unspecified , < 7.4 (custom)
    Create a notification for this product.
    Apple macOS Affected: unspecified , < 11.3 (custom)
    Create a notification for this product.
    Apple macOS Affected: unspecified , < 2021 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T16:25:06.271Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212317"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212323"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212324"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212325"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212326"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212327"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212319"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT212321"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iTunes for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iCloud for Windows",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "7.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "11.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "2021",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "2021",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted font may result in the disclosure of process memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing a maliciously crafted font may result in the disclosure of process memory",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-08T14:55:54.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212317"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212323"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212324"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212325"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212326"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212327"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212319"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.apple.com/en-us/HT212321"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "product-security@apple.com",
              "ID": "CVE-2021-1811",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iOS and iPadOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "14.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iTunes for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "12.11"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iCloud for Windows",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "12.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "tvOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "14.5"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "watchOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "11.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2021"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "macOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2021"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apple"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted font may result in the disclosure of process memory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Processing a maliciously crafted font may result in the disclosure of process memory"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.apple.com/en-us/HT212317",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212317"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212323",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212323"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212324",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212324"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212325",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212325"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212326",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212326"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212327",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212327"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212319",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212319"
                },
                {
                  "name": "https://support.apple.com/en-us/HT212321",
                  "refsource": "MISC",
                  "url": "https://support.apple.com/en-us/HT212321"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2021-1811",
        "datePublished": "2021-09-08T14:55:54.000Z",
        "dateReserved": "2020-12-08T00:00:00.000Z",
        "dateUpdated": "2024-08-03T16:25:06.271Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }