Rewterz Threat Advisory – CVE-2022-21500 – Oracle E-Business Suite Vulnerability
May 20, 2022
Rewterz Threat Advisory – CVE-2022-25617 – WordPress Code Snippets plugin Vulnerability
May 20, 2022
Severity
High
Analysis Summary
CVE-2022-26773 CVSS:7.7
Apple iTunes could allow a local attacker to bypass security restrictions because of a logic issue in state management. By using a specially crafted application, an attacker could exploit this vulnerability to delete files.
CVE-2022-26774 CVSS:7.8
Apple iTunes could allow a local authenticated attacker to gain elevated privileges on the system because of a logic issue in state management. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
Impact
- Security Bypass
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2022-26773
- CVE-2022-26774
Affected Vendors
- Apple
Affected Products
- Apple iTunes for Windows 12.12.3
Remediation
Refer to the Apple security document for patch, upgrade, or suggested workaround information.