CVE-2023-42938

A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.13.1 for Windows. A local attacker may be able to elevate their privileges.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*

History

28 Mar 2025, 21:15

Type Values Removed Values Added
CWE CWE-693

09 Dec 2024, 14:48

Type Values Removed Values Added
First Time Apple
Apple itunes
CPE cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*
CWE NVD-CWE-noinfo
References () https://support.apple.com/en-us/HT214091 - () https://support.apple.com/en-us/HT214091 - Vendor Advisory
References () https://support.apple.com/kb/HT214091 - () https://support.apple.com/kb/HT214091 - Vendor Advisory
CVSS v2 : unknown
v3 : 8.4
v2 : unknown
v3 : 7.8

21 Nov 2024, 08:23

Type Values Removed Values Added
References () https://support.apple.com/en-us/HT214091 - () https://support.apple.com/en-us/HT214091 -
References () https://support.apple.com/kb/HT214091 - () https://support.apple.com/kb/HT214091 -

26 Aug 2024, 15:35

Type Values Removed Values Added
Summary
  • (es) Se solucionó un problema de lógica con controles mejorados. Este problema se solucionó en iTunes 12.13.1 para Windows. Un atacante local podría aumentar sus privilegios.
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.4

14 Mar 2024, 20:15

Type Values Removed Values Added
References
  • () https://support.apple.com/kb/HT214091 -

14 Mar 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-14 19:15

Updated : 2025-03-28 21:15


NVD link : CVE-2023-42938

Mitre link : CVE-2023-42938

CVE.ORG link : CVE-2023-42938


JSON object : View

Products Affected

apple

  • itunes
CWE
NVD-CWE-noinfo CWE-693

Protection Mechanism Failure