CVE-2020-27895
CVE-2020-27895
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
08 Dec 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. This issue is fixed in iTunes 12.11 for Windows. A malicious application may be able to access local users Apple IDs.
Affected products
Apple · iTunes for WindowsReferences
https://support.apple.com/en-us/HT211933