Apple has published an update for the Windows version of its media management tool iTunes. The vulnerabilities have not yet been exploited, as Apple states.
Apple fixed several vulnerabilities with this update to the new version 12.12.4. The update can be downloaded via the Apple Software Update program and the iTunes website.
Several bugs have been fixed
Apple explains here which vulnerabilities have been fixed. In earlier versions, it was possible for attackers to run defective program code with a manipulated image. The cause was an error in the AppleGraphicsControl module. Similar to a bug in the ImageIO module.
In iTunes itself, a local attacker was able to increase his own rights before the bug was fixed. Two errors in the Mobile Device Service and in the web rendering engine Webkit are also problematic. Programs could delete files for which they have no permission and manipulated websites were able to run program code on the affected device.
Software update issues fixed
According to Apple, the fixed vulnerabilities have not yet been exploited by attackers. Nevertheless, an update is urgently recommended, since some of these gaps could be exploited when the bugs become known.