CVE-2016-1742
Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
Date published : 2016-05-20
http://lists.apple.com/archives/security-announce/2016/May/msg00006.html