Apple has posted an update to address multiple security vulnerabilities in its iconic iTunes media player platform.
The company said that the update will include fixes for multiple security vulnerabilities which could be exploited remotely by an attacker. The update will apply to both the OS X and Windows versions of the application.
According to Apple, the flaws include an HTTPS certificate validation error. An attacker could in theory craft a phony security certificate which would be accepted by iTunes without warning, potentially allowing the attacker to establish a trusted connection with a targeted system.
Additionally, the update will address memory corruption errors in WebKit which place iTunes Store users in danger of a man-in-the-middle attack. Apple said that if an attacker had gained access to the iTunes Store and targeted the flaw, users could have been subjected to remote code execution attacks while browsing. The company did not report any instances of attacks occurring in the wild.
Apple said that the iTunes 11.0.3 update will apply to users running Windows 7, Vista and XP SP2 and later. OS X users will require MacOS version 10.6.8 or later. Users can obtain the fix through Apple's Software Update utility.
The iTunes update comes just days after Microsoft released its May Patch Tuesday bundle. The monthly security update included fixes for major vulnerabilities in Internet Explorer which have been targeted in zero-day attacks.
The update comes as Apple celebrates 50 billion app downloads from its iTunes Store on devices such as the iPad and iPhone.