CVE-2015-5815

Name of the Vulnerable Software and Affected Versions Apple iTunes versions prior to 12.3

Description The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via vectors related to iTunes Store browsing. It is caused by a buffer overflow in the WebKit component. Exploitation of this issue may enable a remote attacker to execute arbitrary code or cause a denial of service by manipulating functions related to iTunes Store browsing.

Recommendations For Apple iTunes versions prior to 12.3, update to version 12.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the iTunes Store to minimize the risk of exploitation. Avoid using the affected WebKit component for browsing until the issue is resolved.