vulnerability

Apple iTunes security update for CVE-2018-4302

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Oct 19, 2018	Oct 19, 2018	Mar 27, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Oct 19, 2018

Added

Oct 19, 2018

Modified

Mar 27, 2026

Description

A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.

Solution

apple-itunes-upgrade-12_7

References

CVE-2018-4302
https://attackerkb.com/topics/CVE-2018-4302
CWE-476
EUVD-EUVD-2018-16088
http://support.apple.com/kb/HT208141
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-16088

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report