Apple Itunes vulnerabilities
922 known vulnerabilities affecting apple/itunes.
Total CVEs
922
CISA KEV
2
actively exploited
Public exploits
75
Exploited in wild
3
Severity breakdown
CRITICAL112HIGH479MEDIUM326LOW5
Vulnerabilities
Page 16 of 47
CVE-2018-4194HIGHCVSS 8.8fixed in 12.7.52019-01-11
CVE-2018-4194 [HIGH] CWE-125 CVE-2018-4194: In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Wi
In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.
nvd
CVE-2018-4262HIGHCVSS 8.8fixed in 12.82019-01-11
CVE-2018-4262 [HIGH] CWE-119 CVE-2018-4262: In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iClo
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, multiple memory corruption issues were addressed with improved memory handling.
nvd
CVE-2018-4208HIGHCVSS 8.8fixed in 12.7.42019-01-11
CVE-2018-4208 [HIGH] CWE-20 CVE-2018-4208: In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS bef
In iOS before 11.3, Safari before 11.1, iCloud for Windows before 7.4, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, unexpected interaction causes an ASSERT failure. This issue was addressed with improved checks.
nvd
CVE-2018-4278MEDIUMCVSS 4.3fixed in 12.82019-01-11
CVE-2018-4278 [MEDIUM] CVE-2018-4278: In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iClo
In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.
nvd
CVE-2018-4233HIGHCVSS 8.8PoCfixed in 12.7.52018-06-08
CVE-2018-4233 [HIGH] CWE-119 CVE-2018-4233: An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary
nvd
CVE-2018-4222HIGHCVSS 8.8PoCfixed in 12.7.52018-06-08
CVE-2018-4222 [HIGH] CWE-125 CVE-2018-4222: An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary
nvd
CVE-2018-4246HIGHCVSS 8.8fixed in 12.7.52018-06-08
CVE-2018-4246 [HIGH] CWE-704 CVE-2018-4246: An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary
nvd
CVE-2018-4214HIGHCVSS 8.8fixed in 12.7.52018-06-08
CVE-2018-4214 [HIGH] CWE-119 CVE-2018-4214: An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to cause a denial of
nvd
CVE-2018-4192HIGHCVSS 7.5PoCfixed in 12.7.52018-06-08
CVE-2018-4192 [HIGH] CWE-362 CVE-2018-4192: An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary
nvd
CVE-2018-4201HIGHCVSS 8.8fixed in 12.7.52018-06-08
CVE-2018-4201 [HIGH] CWE-119 CVE-2018-4201: An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary
nvd
CVE-2018-4204HIGHCVSS 8.8fixed in 12.7.52018-06-08
CVE-2018-4204 [HIGH] CWE-119 CVE-2018-4204: An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is
An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code
nvd
CVE-2018-4190HIGHCVSS 8.8fixed in 12.7.52018-06-08
CVE-2018-4190 [HIGH] CWE-522 CVE-2018-4190: An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is tra
nvd
CVE-2018-4199HIGHCVSS 8.8fixed in 12.7.52018-06-08
CVE-2018-4199 [HIGH] CWE-119 CVE-2018-4199: An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service
nvd
CVE-2018-4200HIGHCVSS 8.8PoCfixed in 12.7.52018-06-08
CVE-2018-4200 [HIGH] CWE-416 CVE-2018-4200: An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service
nvd
CVE-2018-4218HIGHCVSS 8.8PoCfixed in 12.7.52018-06-08
CVE-2018-4218 [HIGH] CWE-416 CVE-2018-4218: An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary
nvd
CVE-2018-4224MEDIUMCVSS 5.5fixed in 12.7.52018-06-08
CVE-2018-4224 [MEDIUM] CWE-200 CVE-2018-4224: An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended re
nvd
CVE-2018-4226MEDIUMCVSS 5.5fixed in 12.7.52018-06-08
CVE-2018-4226 [MEDIUM] CWE-200 CVE-2018-4226: An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on the reading of s
nvd
CVE-2018-4225MEDIUMCVSS 5.5fixed in 12.7.52018-06-08
CVE-2018-4225 [MEDIUM] CWE-20 CVE-2018-4225: An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local users to bypass intended restrictions on Keychain state mo
nvd
CVE-2018-4232MEDIUMCVSS 4.3fixed in 12.7.52018-06-08
CVE-2018-4232 [MEDIUM] CVE-2018-4232: An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to overwrite cookies via a crafted web site.
nvd
CVE-2018-4188MEDIUMCVSS 6.5fixed in 12.7.52018-06-08
CVE-2018-4188 [MEDIUM] CWE-20 CVE-2018-4188: An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site.
nvd