8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.92 High
EPSS
Percentile
98.9%
10/30/2018
Critical
Multiple serious vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service and perform cross-site scripting attack.
Apple iTunes earlier than 12.9.1
Update to the latest version
Download iTunes
About the security content of iTunes 12.9.1
ACE
CVE-2018-43985.0Warning
CVE-2018-43946.8High
CVE-2018-43744.3Warning
CVE-2018-43774.3Warning
CVE-2018-44094.3Warning
CVE-2018-43786.8High
CVE-2018-43726.8High
CVE-2018-43736.8High
CVE-2018-43756.8High
CVE-2018-43766.8High
CVE-2018-43826.8High
CVE-2018-43866.8High
CVE-2018-43926.8High
CVE-2018-44166.8High
Public exploits exist for this vulnerability.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4372
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4373
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4374
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4375
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4376
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4377
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4378
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4382
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4386
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4392
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4394
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4398
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4409
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4416
statistics.securelist.com/vulnerability-scan/month
support.apple.com/en-us/HT209197
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Apple-iTunes/
www.apple.com/itunes/download/
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.92 High
EPSS
Percentile
98.9%