Apple Music
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Apple Music.
Recent Apple Music Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 124156 | Apple Music Classical 2.3 for Android - Apple Security Content | June 19, 2025 |
| 122043 | Apple Music 1.5.0.152 for Windows - Apple Security Content | October 3, 2024 |
| HT213833 | Apple Music 4.2.0 for Android Security Content | May 23, 2023 |
| HT213473 | Apple Music 3.9.10 for Android Security Content | June 14, 2022 |
| HT213472 | Apple Music 3.5.0 for Android Security Content | April 26, 2021 |
| HT211898 | Apple Music 3.4.0 for Android Security Content | October 26, 2020 |
| HT207605 | Apple Music 2.0 for Android Security Content | April 4, 2017 |
By the Year
In 2026 there have been 0 vulnerabilities in Apple Music. Last year, in 2025 Music had 2 security vulnerabilities published. Right now, Music is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 4.30 |
| 2024 | 0 | 0.00 |
| 2023 | 7 | 5.84 |
| 2022 | 1 | 6.10 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 0.00 |
It may take a day or so for new Music vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apple Music Security Vulnerabilities
Apple Music Classical credential leakage on Android before 2.3
CVE-2025-43201
- August 15, 2025
This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials.
Apple Music 1.5 for Windows: Input Sanitization Flaw Exposes Data
CVE-2024-54540
4.3 - Medium
- January 15, 2025
The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app.
Apple Music <4.2.0 Android: Improper Check Enables Contacts (CVE-2023-28203)
CVE-2023-28203
5.5 - Medium
- July 28, 2023
The issue was addressed with improved checks. This issue is fixed in Apple Music 4.2.0 for Android. An app may be able to access contacts.
Apple Music <4.2 (Android) Network Traffic Interception via HTTP
CVE-2023-32427
5.9 - Medium
- July 28, 2023
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic.
Apple Music local info disclosure due missing permission check
CVE-2023-33880
3.3 - Low
- July 12, 2023
In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
AuthZ
Apple Music 3.9.10 Android state mgmt flaw exposing sensitive data
CVE-2022-32836
7.5 - High
- February 27, 2023
This issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data.
Apple Music Android 3.9.9: Logic flaw gives access to user-sensitive data
CVE-2022-32846
7.5 - High
- February 27, 2023
A logic issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data.
Apple Music <3.9.10 (Android) Unencrypted Traffic Interception
CVE-2022-32906
5.3 - Medium
- February 27, 2023
This issue was addressed with using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.9.10 for Android. A user in a privileged network position may intercept SSL/TLS connections.
Apple Music Android <3.5.0: HTTP leaks user activity (CVE-2021-46841)
CVE-2021-46841
5.9 - Medium
- February 27, 2023
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.5.0 for Android. An attacker in a privileged network position can track a user's activity.
iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music
CVE-2022-23603
6.1 - Medium
- February 01, 2022
iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon as is possible. There are no known workarounds for this issue.
Output Sanitization
This issue was addressed with improved checks to prevent unauthorized actions
CVE-2020-9982
- October 27, 2020
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Apple Music 3.4.0 for Android. A malicious application may be able to leak a user's credentials.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apple Music or by Apple? Click the Watch button to subscribe.
