CVE-2015-5808

Name of the Vulnerable Software and Affected Versions Apple iTunes versions prior to 12.3

Description The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash. This is related to vectors involving iTunes Store browsing. The vulnerability is caused by a buffer overflow in the WebKit component. Exploitation can enable a remote attacker to execute arbitrary code or cause a denial of service by manipulating functions related to iTunes Store browsing.

Recommendations For versions prior to 12.3, update to version 12.3 or later to resolve the issue. As a temporary workaround, consider restricting access to iTunes Store browsing functionality until the update is applied.