iTunes for Windows 12.12.4 available
The update fixes several security vulnerabilities.
David FischerApple has published an update for the Windows version of its media management tool iTunes. The vulnerabilities have not yet been exploited, as Apple states.
Apple fixed several vulnerabilities with this update to the new version 12.12.4. The update can be downloaded via the Apple Software Update program and the iTunes website.
Several bugs have been fixed
Apple explains here which vulnerabilities have been fixed. In earlier versions, it was possible for attackers to run defective program code with a manipulated image. The cause was an error in the AppleGraphicsControl module. Similar to a bug in the ImageIO module.
In iTunes itself, a local attacker was able to increase his own rights before the bug was fixed. Two errors in the Mobile Device Service and in the web rendering engine Webkit are also problematic. Programs could delete files for which they have no permission and manipulated websites were able to run program code on the affected device.
Software update issues fixed
According to Apple, the fixed vulnerabilities have not yet been exploited by attackers. Nevertheless, an update is urgently recommended, since some of these gaps could be exploited when the bugs become known.
About Author
David Fischer
I am a technology writer for UpdateStar, covering software, security, and privacy as well as research and innovation in information security. I worked as an editor for German computer magazines for more than a decade before starting to be a team member at UpdateStar.