Published on: 23 September 2016
Apple has released software update fixing eleven vulnerabilities in iTunes for Windows prior to version 12.5.1. The vulnerabilities could be exploited when users access web sites with maliciously crafted web content.
A successful attack could lead to arbitrary code execution, sensitive data leakage, network traffic interception and alteration.
The product vendor has released iTunes for Windows 12.5.1 to address the issues. Users can obtain the updates by using the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://support.apple.com/en-us/HT207158
https://www.hkcert.org/my_url/en/alert/16092201
https://www.auscert.org.au/render.html?it=38798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4769