8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.954 High
EPSS
Percentile
99.3%
05/29/2018
Critical
Multiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface and obtain sensitive information.
Apple iTunes earlier than 12.7.5
Update to the latest version
Download iTunes
About the security content of iTunes 12.7.5 for Windows
ACE
CVE-2018-41946.8High
CVE-2018-42186.8High
CVE-2018-42466.8High
CVE-2018-42226.8High
CVE-2018-42242.1Warning
CVE-2018-42252.1Warning
CVE-2018-42262.1Warning
CVE-2018-42324.3Warning
CVE-2018-42336.8High
CVE-2018-41884.3Warning
CVE-2018-41904.3Warning
CVE-2018-41925.1High
CVE-2018-41996.8High
CVE-2018-42006.8High
CVE-2018-42016.8High
CVE-2018-42046.8High
CVE-2018-42146.8High
Public exploits exist for this vulnerability.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4188
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4190
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4192
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4194
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4199
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4200
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4201
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4204
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4214
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4218
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4222
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4224
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4225
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4226
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4232
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4233
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4246
statistics.securelist.com/vulnerability-scan/month
support.apple.com/en-us/HT208852
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Apple-iTunes/
www.apple.com/itunes/download/
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.954 High
EPSS
Percentile
99.3%