Apple ha, da qualche ora, reso disponibile la nuova versione di iTunes 12.10.5.

iTunes 12.10.5: le novità presenti nell’aggiornamento

Ecco il changelog ufficiale rilasciato da Apple, per questa versione:

libxml2

Available for: Windows 7 and later
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved size validation.
CVE-2020-3910: LGTM.com

libxml2

Available for: Windows 7 and later
Impact: Multiple issues in libxml2
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2020-3909: LGTM.com
CVE-2020-3911: found by OSS-Fuzz

WebKit

Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-3901: Benjamin Randazzo (@____benjamin)

WebKit

Available for: Windows 7 and later
Impact: A download’s origin may be incorrectly associated
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3887: Ryan Pickren (ryanpickren.com)

WebKit

Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3895: grigoritchy
CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech

WebKit

Available for: Windows 7 and later
Impact: An application may be able to read restricted memory
Description: A race condition was addressed with additional validation.
CVE-2020-3894: Sergei Glazunov of Google Project Zero

WebKit

Available for: Windows 7 and later
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s Zero Day Initiative

WebKit

Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2020-9783: Apple

WebKit

Available for: Windows 7 and later
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A memory consumption issue was addressed with improved memory handling.
CVE-2020-3899: found by OSS-Fuzz

WebKit

Available for: Windows 7 and later
Impact: Processing maliciously crafted web content may lead to a cross site scripting attack
Description: An input validation issue was addressed with improved input validation.
CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit)

WebKit Page Loading

Available for: Windows 7 and later
Impact: A file URL may be incorrectly processed
Description: A logic issue was addressed with improved restrictions.
CVE-2020-3885: Ryan Pickren (ryanpickren.com)

Per poter aggiornare iTunes all’ultima versione su Windows basta avviare il software “Apple Software Update“ o ricercare l’aggiornamento su Microsoft Store.