Apple ha, da qualche ora, reso disponibile la nuova versione di iTunes 12.10.5.
iTunes 12.10.5: le novità presenti nell’aggiornamento
Ecco il changelog ufficiale rilasciato da Apple, per questa versione:
libxml2
Available for: Windows 7 and later
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size validation.
CVE-2020-3910: LGTM.comlibxml2
Available for: Windows 7 and later
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-FuzzWebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-3901: Benjamin Randazzo (@____benjamin)WebKit
Available for: Windows 7 and later
Impact: A download’s origin may be incorrectly associated
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3887: Ryan Pickren (ryanpickren.com)WebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3895: grigoritchy
CVE-2020-3900: Dongzhuo Zhao working with ADLab of VenustechWebKit
Available for: Windows 7 and later
Impact: An application may be able to read restricted memory
Description: A race condition was addressed with additional validation.
CVE-2020-3894: Sergei Glazunov of Google Project ZeroWebKit
Available for: Windows 7 and later
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s Zero Day InitiativeWebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9783: AppleWebKit
Available for: Windows 7 and later
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A memory consumption issue was addressed with improved memory handling.
CVE-2020-3899: found by OSS-FuzzWebKit
Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to a cross site scripting attack
Description: An input validation issue was addressed with improved input validation.
CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)WebKit Page Loading
Available for: Windows 7 and later
Impact: A file URL may be incorrectly processed
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3885: Ryan Pickren (ryanpickren.com)
Per poter aggiornare iTunes all’ultima versione su Windows basta avviare il software “Apple Software Update“ o ricercare l’aggiornamento su Microsoft Store.