CVE-2019-6232

HIGH

iCloud for Windows < 7.11 - Arbitrary Code Execution via Race Condition in iTunes Installer

Title source: llm

Description

A race condition existed during the installation of iTunes for Windows. This was addressed with improved state handling. This issue is fixed in iCloud for Windows 7.11. Running the iTunes installer in an untrusted directory may result in arbitrary code execution.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://support.apple.com/HT209605

Scores

CVSS v3 7.5

EPSS 0.0117

EPSS Percentile 63.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-362

Status published

Products (1)

apple/icloud < 7.11

Published Dec 18, 2019

Tracked Since Feb 18, 2026