iTunes Pwn: Privilege Escalation via Logic Flaw (fixed in 12.12.9 for Win)
CVE-2023-32351 Published on June 23, 2023
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges.
Weakness Type
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
Products Associated with CVE-2023-32351
Want to know whenever a new CVE is published for Apple iTunes? stack.watch will email you.
Affected Versions
Apple iTunes for Windows:- Version unspecified and below 12.12 is affected.
Exploit Probability
EPSS
0.05%
Percentile
16.46%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.