#VU1096 Remote code execution in iTunes - CVE-2016-7578
Published: October 31, 2016
Vulnerability identifier: #VU1096
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2016-7578
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
iTunes
Software vendor:
Apple Inc.
Description
The vulnerability allows a remote unauthenticated user to execute arbitrary code on the target system.
The weakness is due to an input validation flaw. By persuading the victim to load specially crafted web content, a remote attacker can trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Remediation
Update to version 12.5.2.