This page lists publicly disclosed CVE vulnerabilities affecting apple music (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-54540 | The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app. | [email protected] | 4.3 | 0.21% | 2025-01-15 | 2026-06-17 |
| CVE-2023-32427 | This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic. | [email protected] | 5.9 | 0.35% | 2023-07-28 | 2026-06-17 |
| CVE-2023-28203 | The issue was addressed with improved checks. This issue is fixed in Apple Music 4.2.0 for Android. An app may be able to access contacts. | [email protected] | 5.5 | 0.18% | 2023-07-28 | 2026-06-17 |
| CVE-2022-32906 | This issue was addressed with using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.9.10 for Android. A user in a privileged network position may intercept SSL/TLS connections. | [email protected] | 5.3 | 0.35% | 2023-02-27 | 2026-06-17 |
| CVE-2022-32846 | A logic issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data. | [email protected] | 7.5 | 0.61% | 2023-02-27 | 2026-06-17 |
| CVE-2022-32836 | This issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data. | [email protected] | 7.5 | 0.55% | 2023-02-27 | 2026-06-17 |
| CVE-2021-46841 | This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.5.0 for Android. An attacker in a privileged network position can track a user's activity. | [email protected] | 5.9 | 0.47% | 2023-02-27 | 2026-06-17 |
| CVE-2020-9982 | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Apple Music 3.4.0 for Android. A malicious application may be able to leak a user's credentials. | [email protected] | 5.5 | 0.75% | 2020-10-27 | 2026-06-16 |