Thursday, June 17, 2010

Apple iTunes 9.2 released

WebKit security flaws haunt Apple's iTunes | ZDNet
Apple has shipped a critical security patch for its iTunes media player to fix several gaping security holes that expose Windows users to hacker attacks.

The vulnerabilities could be exploited to launch remote code execution attacks if a user simply opens an image file or surfs to a rigged Web site. The update applies to Windows 7, Windows Vista and Windows XP machines.

In all, the new iTunes 9.2 fixes 40 documented vulnerabilities, most affecting the WebKit rendering engine. The WebKit vulnerabilities are the same that affected Apple’s Safari browser.
US-CERT Current Activity: Apple Releases iTunes 9.2
       added June 17, 2010 at 08:19 am
Apple has released iTunes 9.2 for Windows systems to address multiple vulnerabilities affecting the ColorSync, ImageIO, and WebKit packages. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple article HT4220 and apply any necessary updates to help mitigate the risks.

No comments: