8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.085 Low
EPSS
Percentile
94.3%
09/25/2017
High
Multiple serious vulnerabilities have been found in Apple iTunes for Windows. These vulnerabilities have been found in WebKit component and can be exploited remotely to execute arbitrary code, perform cross-site scripting, bypass security restrictions and obtain sensitive information.
Apple iTunes for Windows versions earlier than 12.7
Update to the latest version
Download iTunes
About the security content of iTunes 12.7 for Windows
ACE
CVE-2017-70816.8High
CVE-2017-70876.8High
CVE-2017-70905.0Warning
CVE-2017-70916.8High
CVE-2017-70926.8High
CVE-2017-70936.8High
CVE-2017-70946.8High
CVE-2017-70956.8High
CVE-2017-70966.8High
CVE-2017-70986.8High
CVE-2017-70996.8High
CVE-2017-71006.8High
CVE-2017-71026.8High
CVE-2017-71046.8High
CVE-2017-71076.8High
CVE-2017-71094.3Warning
CVE-2017-71116.8High
CVE-2017-71176.8High
CVE-2017-71206.8High
Public exploits exist for this vulnerability.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7081
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7087
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7090
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7091
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7092
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7093
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7094
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7095
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7096
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7098
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7099
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7100
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7102
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7104
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7107
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7109
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7111
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7117
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7120
statistics.securelist.com/vulnerability-scan/month
support.apple.com/en-us/HT208141
threats.kaspersky.com/en/product/Apple-iTunes/
www.apple.com/itunes/download/
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.085 Low
EPSS
Percentile
94.3%