CVE-2019-8801

Published: Dec 18, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.

Affected (2)

Products: Apple: Itunes, Mac Os X

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apple Itunes	Before 12.10.2
Apple Mac Os X	Before 10.15.1

Related CWEs

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (4)

https://support.apple.com/HT210722

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT210726

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/HT210722

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.apple.com/HT210726

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.