Remote code execution in iTunes - CVE-2016-7578
Published: October 31, 2016
Vulnerability identifier: #VU1096
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-7578
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
iTunes
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to an input validation flaw. By persuading the victim to load specially crafted web content, a remote attacker can trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
How to mitigate CVE-2016-7578
Update to version 12.5.2.