CVE-2019-8801
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.
Un problema de carga dinámica de la biblioteca existía en la configuración de iTunes. Esto fue abordado con una mejor búsqueda de ruta. Este problema es corregido en macOS Catalina versión 10.15.1, iTunes para Windows versión 12.10.2. Ejecutar el instalador de iTunes en un directorio no confiable puede resultar en una ejecución de código arbitrario.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-02-18 CVE Reserved
- 2019-11-01 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-426: Untrusted Search Path
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.apple.com/HT210722 | 2019-12-30 | |
| https://support.apple.com/HT210726 | 2019-12-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Itunes Search vendor "Apple" for product "Itunes" | < 12.10.2 Search vendor "Apple" for product "Itunes" and version " < 12.10.2" | windows |
Affected
| ||||||
| Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | < 10.15.1 Search vendor "Apple" for product "Mac Os X" and version " < 10.15.1" | - |
Affected
| ||||||