iTunes 10.2 addresses multiple security vulnerabilities
Apple has released an update, version 10.2, to the popular iTunes media player software, closing a number of security vulnerabilities in its product. According to Apple, iTunes 10.2 corrects five vulnerabilities in ImageIO, as well as two issues in the libxml library, many of which could possibly be used by an attacker to execute arbitrary code.
The update also fixes a total of 50 bugs in the WebKit browser engine which could also lead to arbitrary code execution via a man-in-the-middle attack while browsing the iTunes Store. In addition to closing the above security vulnerabilities, the iTunes update also improves Home Sharing and adds support for iPhone, iPad and iPod touch devices running iOS 4.3, which is expected to arrive on 11 March.
Version 10.2 of iTunes is available to download for Windows (32- and 64-bit) and Mac OS X 10.5 or later. All users are advised to upgrade as soon as possible.
See also:
- About the security content of iTunes 10.2, security advisory from Apple.
(crve)