Description
The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows. Parsing a file may lead to an unexpected app termination or arbitrary code execution.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Affected products
- Apple / iTunes for Windows0 – 12.13.2
References
- VENDOR_ADVISORYhttps://support.apple.com/en-us/120897