The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted font may result in the disclosure of process memory.
Base Score: 4.3
Impact Score: 2.9
Exploitability Score: 8.6
Base Score: 6.5
Impact Score: 3.6
Exploitability Score: 2.8
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions from 10.14 to 10.14.5 (inclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions from 10.15 to 10.15.5 (inclusive)
|149061||Apple iOS < 14.5 Multiple Vulnerabilities (HT212317)||Nessus||Mobile Devices|
|149043||macOS 10.14.x < 10.14.6 Security Update 2021-003 Mojave (HT212327)||Nessus||MacOS X Local Security Checks|
|149042||macOS 10.15.x < 10.15.7 Security Update 2021-002 Catalina (HT212326)||Nessus||MacOS X Local Security Checks|
|149041||macOS 11.x < 11.3 (HT212325)||Nessus||MacOS X Local Security Checks|
|149023||Apple iTunes < 12.11.3 Multiple Vulnerabilities (credentialed check)||Nessus||Windows|
|149022||Apple iTunes < 12.11.3 Multiple Vulnerabilities (uncredentialed check)||Nessus||Peer-To-Peer File Sharing|