Apple ha, da qualche ora, reso disponibile la nuova versione di iTunes 12.10.4.
iTunes 12.10.4: le novità presenti nell’aggiornamento
Ecco il changelog ufficiale rilasciato da Apple, per questa versione:
ImageIO
Available for: Windows 7 and later
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-3826: Samuel Groß of Google Project Zero
Entry added January 29, 2020libxml2
Available for: Windows 7 and later
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow was addressed with improved size validation.
CVE-2020-3846: Ranier Vilela
Entry added January 29, 2020Mobile Device Service
Available for: Windows 7 and later
Impact: A user may gain access to protected parts of the file system
Description: The issue was addressed with improved permissions logic.
CVE-2020-3861: Andrea Pierini (@decoder_it), Christian Danieli (@padovah4ck)WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue was addressed with improved state management.
CVE-2020-3867: an anonymous researcher
Entry added January 29, 2020WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2020-3825: Przemysław Sporysz of Euvic
CVE-2020-3868: Marcin Towalski of Cisco Talos
Entry added January 29, 2020WebKit
Available for: Windows 7 and later
Impact: A malicious website may be able to cause a denial of service
Description: A denial of service issue was addressed with improved memory handling.
CVE-2020-3862: Srikanth Gatta of Google Chrome
Entry added January 29, 2020WebKit Page Loading
Available for: Windows 7 and later
Impact: A top-level DOM object context may have incorrectly been considered secure
Description: A logic issue was addressed with improved validation.
CVE-2020-3865: Ryan Pickren (ryanpickren.com)
Entry added January 29, 2020, updated February 11, 2020WebKit Page Loading
Available for: Windows 7 and later
Impact: A DOM object context may not have had a unique security origin
Description: A logic issue was addressed with improved validation.
CVE-2020-3864: Ryan Pickren (ryanpickren.com)
Entry added February 11, 2020
Per poter aggiornare iTunes all’ultima versione su Windows basta avviare il software “Apple Software Update“ o ricercare l’aggiornamento su Microsoft Store.