PT-2019-19227 · Apple · Macos Catalina+1

Hjy79425575

Published

2019-12-18

Updated

2019-12-30

CVE-2019-8801

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions iTunes for Windows versions prior to 12.10.2 macOS Catalina versions prior to 10.15.1

Description A dynamic library loading issue existed in iTunes setup, which could result in arbitrary code execution if the iTunes installer was run in an untrusted directory. This issue was addressed with improved path searching.

Recommendations For iTunes for Windows versions prior to 12.10.2, update to version 12.10.2 or later. For macOS Catalina versions prior to 10.15.1, update to version 10.15.1 or later.

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

CVE-2019-8801

Affected Products

Itunes

Macos Catalina

PT-2019-19227 · Apple · Macos Catalina+1

CVE-2019-8801

Weakness Enumeration

Related Identifiers

Affected Products

References · 4