- Jan 24, 2011
- 9,378
Apple has released a new version of its ubiquitous iTunes software that includes fixes for nearly 60 vulnerabilities, including several bugs that could be used to run remote code on vulnerable machines.
Most of the vulnerabilities that Apple fixed with the release of iTunes 10.2 lie in the open source WebKit layout engine that underpins iTunes. Many of the vulnerabilities can be used by attackers to either crash iTunes or execute arbitrary code on the PC. Apple recommends that users download the new version immediately.
"Multiple memory corruption issues exist in WebKit. A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution," Apple said in its advisory.
More details - link
Most of the vulnerabilities that Apple fixed with the release of iTunes 10.2 lie in the open source WebKit layout engine that underpins iTunes. Many of the vulnerabilities can be used by attackers to either crash iTunes or execute arbitrary code on the PC. Apple recommends that users download the new version immediately.
"Multiple memory corruption issues exist in WebKit. A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution," Apple said in its advisory.
More details - link