PT-2019-18040 · Apple · Itunes For Windows+1

Stefan Kanthak

Published

2019-12-18

Updated

2019-12-21

CVE-2019-6232

CVSS v2.0

7.6

High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions iCloud for Windows versions prior to 7.11

Description A race condition existed during the installation of iTunes for Windows, which could result in arbitrary code execution if the iTunes installer is run in an untrusted directory. This issue was addressed with improved state handling.

Recommendations For versions prior to 7.11, update to iCloud for Windows version 7.11 to resolve the issue. As a temporary workaround, consider avoiding the installation of iTunes in untrusted directories until the update is applied.

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CVE-2019-6232

Affected Products

Icloud For Windows

Itunes For Windows

PT-2019-18040 · Apple · Itunes For Windows+1

CVE-2019-6232

Weakness Enumeration

Related Identifiers

Affected Products

References · 3