CVE-2020-3861: High severity itunes vulnerability

Q: What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2020-3861.

Q: What is the affected software?

The affected software is iTunes for Windows version up to exclusive 12.10.4.

Q: What was the issue addressed in this vulnerability?

The issue addressed in this vulnerability is related to improved permissions logic in the Mobile Device Service.

Q: How can I fix this vulnerability?

To fix this vulnerability, update iTunes for Windows to version 12.10.4 or higher.

Q: Where can I find more information about this vulnerability?

More information about this vulnerability can be found on the Apple support website at https://support.apple.com/en-us/HT210923.

Published Jan 28, 2020

Updated

Mobile Device Service. The issue was addressed with improved permissions logic.

Other sources

The issue was addressed with improved permissions logic. This issue is fixed in iTunes for Windows 12.10.4. A user may gain access to protected parts of the file system.

Credit

Andrea Pierini@@decoder_it, Christian Danieli@@padovah4ck

Affected Software

2 affected componentsFixes available

apple Itunes Windows<12.10.4

apple iTunes for Windows<12.10.4

12.10.4

Event History

Feb 27, 2020

CVE Published

via MITRE·08:45 PM

Data Sourced

via MITRE·08:45 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

HT210923

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2020-3861.

What is the affected software?