Apple releases iTunes 12.12.4 for Windows to plug security holes
Apple is all about Mac security updates this week. Previously, the company released a bunch of security updates for macOS Monterey, Big Sur, and Catalina, followed by the first beta version of 12.5. On Wednesday, Apple released another security update, but this time for Windows.
iTunes 12.12.4 is now available to users and can be downloaded from the Microsoft Store or from Apple. These are the bugs that Apple has patched in the update:
AppleGraphicsControl
- Available for: Windows 10 and later
- Impact: Processing a maliciously crafted image can lead to arbitrary code execution
- Description: Fixed a memory corruption issue by improving input validation.
- CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
ImageIO
- Available for: Windows 10 and later
- Impact: A remote attacker can cause an unexpected application termination or arbitrary code execution
- Description: Fixed an integer overflow issue with improved input validation.
- CVE-2022-26711: Minutes of Blacksun Hackers Club working with Trend Micro Zero Day Initiative
iTunes
- Available for: Windows 10 and later
- Impact: A local attacker can elevate their privileges
- Description: Fixed a logic issue with improved state management.
- CVE-2022-26774: Sai Wynn Myat (@404death)
Mobile Device Service
- Available for: Windows 10 and later
- Impact: An app can delete files for which it does not have permission
- Description: Fixed a logic issue with improved state management.
- CVE-2022-26773: Sai Wynn Myat (@404death)
WebKit
- Available for: Windows 10 and later
- Impact: Processing of maliciously crafted web content can lead to arbitrary code execution
- Description: Fixed a use-after-free issue with improved memory management.
- WebKit Bugzilla: 238171
- CVE-2022-26717: Theori’s Jeonghoon Shin
PC users can use iTunes for Windows to access Apple Music or to purchase music and videos if those users do not want to use the Apple Music website. The app is also used to sync content between a Windows PC and an iPhone, iPad, or iPod touch.