CVE-2019-8801
First published: Tue Oct 29 2019(Updated: )
A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.
Credit: Hou JingYi @hjy79425575 Qihoo 360 CERTHou JingYi @hjy79425575 Qihoo 360 CERT product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iTunes for Windows | <12.10.2 | 12.10.2 |
| Apple macOS Catalina | <10.15.1 | 10.15.1 |
| Apple Itunes Windows | <12.10.2 | |
| Apple Mac OS X | <10.15.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-8784
- CVE-2019-8801
- CVE-2019-8813
- CVE-2019-8782
- CVE-2019-8783
- CVE-2019-8808
- CVE-2019-8811
- CVE-2019-8812
- CVE-2019-8814
- CVE-2019-8816
- CVE-2019-8819
- CVE-2019-8820
- CVE-2019-8821
- CVE-2019-8822
- CVE-2019-8823
- CVE-2019-8827
- CVE-2019-8815
- CVE-2019-8787
- CVE-2019-8796
- CVE-2019-8748
- CVE-2019-11041
- CVE-2019-11042
- CVE-2019-8824
- CVE-2019-8803
- CVE-2019-8817
- CVE-2019-8716
- CVE-2019-8788
- CVE-2019-8706
- CVE-2019-8785
- CVE-2019-8797
- CVE-2019-8850
- CVE-2019-8789
- CVE-2017-7152
- CVE-2019-8592
- CVE-2019-8705
- CVE-2019-8825
- CVE-2019-8736
- CVE-2019-8767
- CVE-2019-8737
- CVE-2019-8509
- CVE-2019-8798
- CVE-2019-8746
- CVE-2018-12152
- CVE-2018-12153
- CVE-2018-12154
- CVE-2019-8807
- CVE-2019-8759
- CVE-2019-8709
- CVE-2019-8794
- CVE-2019-8717
- CVE-2019-8786
- CVE-2019-8744
- CVE-2019-8829
- CVE-2019-8749
- CVE-2019-8756
- CVE-2019-8750
- CVE-2019-8802
- CVE-2019-8772
- CVE-2019-8708
- CVE-2019-8715
- CVE-2019-8858
- CVE-2019-8805
- CVE-2019-8754
- CVE-2019-8745
- CVE-2019-8831
- CVE-2019-8761
- CVE-2019-15126
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2019-8801.
What is the severity level of CVE-2019-8801?
The severity level of CVE-2019-8801 is high with a CVSS score of 7.8.
Which software versions are affected by CVE-2019-8801?
CVE-2019-8801 affects iTunes for Windows versions up to and excluding 12.10.2, macOS Catalina versions up to and excluding 10.15.1.
How can I fix the vulnerability in iTunes for Windows?
To fix the vulnerability in iTunes for Windows, update to version 12.10.2 or newer.
How can I fix the vulnerability in macOS Catalina?
To fix the vulnerability in macOS Catalina, update to version 10.15.1 or newer.
- collector/apple-support
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/apple itunes for windows
- canonical/apple macos catalina
- canonical/apple itunes windows
- canonical/apple mac os x