Vulnerabilities > CVE-2020-27895 - Unspecified vulnerability in Apple Itunes

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

local

low complexity

apple

NVD

Published: 2020-12-08

Updated: 2021-07-21

Summary

An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. This issue is fixed in iTunes 12.11 for Windows. A malicious application may be able to access local users Apple IDs.

Vulnerable Configurations

Part	Description	Count
Application	Apple Apple Itunes 12.0.0 Apple Itunes 12.0.4 Apple Itunes 12.1.3 Apple Itunes 12.4.1 Apple Itunes 12.4.3 Apple Itunes 12.5.5 Apple Itunes 12.5.5.5 Apple Itunes 12.8 Apple Itunes 12.9 Apple Itunes 12.9.0 Apple Itunes 12.9.1 Apple Itunes 12.9.2 Apple Itunes 12.9.3 Apple Itunes 12.9.4 Apple Itunes 12.9.5 Apple Itunes 12.9.6 Apple Itunes 12.10.1 Apple Itunes 12.10.2 Apple Itunes 12.10.3 Apple Itunes 12.10.4 Apple Itunes 12.10.5 Apple Itunes 12.10.7 Apple Itunes 12.10.8 Apple Itunes 12.10.9	24

References

https://support.apple.com/en-us/HT211933