iTunes 10.2.2 closes security holes
Apple has released version 10.2.2 of its popular iTunes media player software, a maintenance and security update that addresses a number of bugs and fixes two security vulnerabilities. According to Apple, version 10.2.2 corrects two issues in the WebKit browser engine used by iTunes that could lead to arbitrary code execution via a man-in-the-middle attack while browsing the iTunes Store.
Only the Windows version of iTunes is affected. Apple fixed the same issues on Mac OS X systems via the recent Safari 5.0.5 update. The latest iOS updates from earlier this month also corrected the same problems in Apple's iPhone, iPad and iPod Touch devices.
In addition to closing the above security vulnerabilities, the iTunes update also fixes problems that could cause the application to become unresponsive when syncing an iPad. Other changes include updates that prevent video previews on the iTunes Store from skipping while playing, iOS photo syncing improvements and various bug fixes that improve the overall stability and performance of iTunes.
Version 10.2.2 of iTunes is available to download for Windows (32- and 64-bit) and Mac OS X 10.5 or later. Alternatively, Mac OS X users can upgrade to the latest release via the built-in Software Update function. All users are advised to upgrade as soon as possible.
See also:
- About the security content of iTunes 10.2.2, security advisory from Apple.
- Apple releases Safari 5.0.5, Security Update 2011-002, a report from The H.
- iOS update for iPhone and iPad blocks fake certificates, a report from The H.
(crve)