The Windows version of iTunes cannot rely on the Safari version of WebKit being present (thank God Apple doesn’t require Safari to be installed), so Apple includes the needed libraries inside of the iTunes for Windows package. What is unclear is why Apple has waited for so long to release these fixes for Windows users of iTunes. Let’s take a look at the history of the oldest vulnerability fixed, CVE-2012-2824.ĬVE-2012-2824 is a “use after free” vulnerability in the SVG parsing code in WebKit. It has a CVSS severity score of 10, is considered easy to remotely exploit and could result in remote code execution (RCE). It was first reported on 27 April 2012 by miaubiz and was fixed in Google Chrome’s implementation of WebKit on 26 June 2012, about 2 months from initially being reported.Īpple’s first attempt at fixing this flaw was in iOS 6.0.1 and Safari 6.0.2 on 1 November 2012, approximately six months after being reported. It is on of the vulnerabilities bundled into today’s iTunes 11.0.3 update more than one year after disclosure.Īnother vulnerability of note fixed in today’s Windows version of iTunes is CVE-2012-5112, or as it is better known the Pinkie Pie vulnerability from Google’s Pwnium 2 contest at the Hack in the Box 2012 conference. In combination with another flaw this bug won Pinkie Pie $60,000 USD and a Chromebook courtesy of Google. While I do question the amount of time Apple needed to fix these bugs, that isn’t the point of this post. The point is you should update iTunes now, especially if you are a Windows user who needs it to manage your music, movies, TV shows, iPad or iPod. įollow on Twitter for the latest computer security news.įollow on Instagram for exclusive pics, gifs, vids and LOLs! The latest version of iTunes for Windows or OS X is always available at. If you are using a Mac, you can use the Software Update feature to update iTunes. The following 2 links describe how to do this: #Old itunes for mac 10.7.5 update#
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |