vulnerability

Apple iTunes security update for CVE-2018-4302

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Oct 19, 2018	Oct 19, 2018	Aug 11, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Oct 19, 2018

Added

Oct 19, 2018

Modified

Aug 11, 2025

Description

A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.

Solution

apple-itunes-upgrade-12_7

References

CVE-2018-4302
https://attackerkb.com/topics/CVE-2018-4302
CWE-476
URL-http://support.apple.com/kb/HT208141

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today