Apple iTunes and macOS CVE-2019-8801 DLL Loading Arbitrary Code Execution Vulnerability

Description

Apple iTunes and macOS are prone to an arbitrary code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition.

Technologies Affected

• Apple iTunes 10
• Apple iTunes 10.0
• Apple iTunes 10.0.1
• Apple iTunes 10.1
• Apple iTunes 10.1.1
• Apple iTunes 10.1.1.4
• Apple iTunes 10.1.2
• Apple iTunes 10.2
• Apple iTunes 10.2.2
• Apple iTunes 10.2.2.12
• Apple iTunes 10.3
• Apple iTunes 10.3.1
• Apple iTunes 10.4
• Apple iTunes 10.4.0.80
• Apple iTunes 10.4.1
• Apple iTunes 10.4.1.10
• Apple iTunes 10.5
• Apple iTunes 10.5.1
• Apple iTunes 10.5.1.42
• Apple iTunes 10.5.2
• Apple iTunes 10.5.3
• Apple iTunes 10.6
• Apple iTunes 10.6.1
• Apple iTunes 10.6.1.7
• Apple iTunes 10.6.3
• Apple iTunes 10.7
• Apple iTunes 11.0
• Apple iTunes 11.0.0.163
• Apple iTunes 11.0.1
• Apple iTunes 11.0.2
• Apple iTunes 11.0.3
• Apple iTunes 11.0.4
• Apple iTunes 11.0.5
• Apple iTunes 11.1
• Apple iTunes 11.1.1
• Apple iTunes 11.1.2
• Apple iTunes 11.1.3
• Apple iTunes 11.1.4
• Apple iTunes 11.1.5
• Apple iTunes 11.2
• Apple iTunes 11.2.1
• Apple iTunes 12.0.1
• Apple iTunes 12.10.1
• Apple iTunes 12.2
• Apple iTunes 12.3
• Apple iTunes 12.3.1
• Apple iTunes 12.3.2
• Apple iTunes 12.4
• Apple iTunes 12.4.2
• Apple iTunes 12.5.1
• Apple iTunes 12.5.2
• Apple iTunes 12.5.4
• Apple iTunes 12.5.5
• Apple iTunes 12.6
• Apple iTunes 12.6.2
• Apple iTunes 12.7
• Apple iTunes 12.7.2
• Apple iTunes 12.7.3
• Apple iTunes 12.7.4
• Apple iTunes 12.7.5
• Apple iTunes 12.8
• Apple iTunes 12.9.2
• Apple iTunes 12.9.3
• Apple iTunes 12.9.4
• Apple iTunes 12.9.5
• Apple iTunes 4.0.0
• Apple iTunes 4.0.1
• Apple iTunes 4.1.0
• Apple iTunes 4.2.0
• Apple iTunes 4.5.0
• Apple iTunes 4.6.0
• Apple iTunes 4.7.0
• Apple iTunes 4.7.1
• Apple iTunes 4.7.2
• Apple iTunes 4.8.0
• Apple iTunes 4.9.0
• Apple iTunes 5.0.0
• Apple iTunes 5.0.1
• Apple iTunes 6.0.0
• Apple iTunes 6.0.1
• Apple iTunes 6.0.2
• Apple iTunes 6.0.3
• Apple iTunes 6.0.4
• Apple iTunes 6.0.5
• Apple iTunes 7.0.0
• Apple iTunes 7.0.1
• Apple iTunes 7.0.2
• Apple iTunes 7.1.0
• Apple iTunes 7.1.1
• Apple iTunes 7.2.0
• Apple iTunes 7.3.0
• Apple iTunes 7.3.1
• Apple iTunes 7.3.2
• Apple iTunes 7.4
• Apple iTunes 7.4.0
• Apple iTunes 7.4.1
• Apple iTunes 7.4.2
• Apple iTunes 7.4.3
• Apple iTunes 7.5
• Apple iTunes 7.6
• Apple iTunes 7.6.1
• Apple iTunes 7.6.2
• Apple iTunes 7.7
• Apple iTunes 7.7.1
• Apple iTunes 8.0
• Apple iTunes 8.0.0
• Apple iTunes 8.0.1
• Apple iTunes 8.0.2.20
• Apple iTunes 8.1
• Apple iTunes 8.2
• Apple iTunes 9.0.0
• Apple iTunes 9.0.1
• Apple iTunes 9.0.1.8
• Apple iTunes 9.0.2
• Apple iTunes 9.0.3
• Apple iTunes 9.1
• Apple iTunes 9.1.1
• Apple iTunes 9.2
• Apple iTunes 9.2.1
• Apple macOS 10.12
• Apple macOS 10.12.1
• Apple macOS 10.12.2
• Apple macOS 10.12.3
• Apple macOS 10.12.4
• Apple macOS 10.12.5
• Apple macOS 10.12.6
• Apple macOS 10.13
• Apple macOS 10.13.1
• Apple macOS 10.13.2
• Apple macOS 10.13.3
• Apple macOS 10.13.4
• Apple macOS 10.13.5
• Apple macOS 10.13.6
• Apple macOS 10.14
• Apple macOS 10.14.1
• Apple macOS 10.14.2
• Apple macOS 10.14.3
• Apple macOS 10.14.4
• Apple macOS 10.14.5
• Apple macOS 10.14.6
• Apple macOS 10.15

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Ensure that only trusted users have local, interactive access to affected computers.

Updates are available. Please see the references or vendor advisory for more information.