Endpoint Vulnerability

Security update HT6001 for iTunes

Description

The contents of the iTunes Tutorials window are retrieved from the network using an unprotected HTTP connection. An attacker with a privileged network position may inject arbitrary contents. This issue was addressed by using an encrypted HTTPS connection to retrieve tutorials.

An uninitialized memory access issue existed in the handling of text tracks. This issue was addressed by additional validation of text tracks.

Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.

Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0.

Multiple memory corruption issues existed in libxslt. These issues were addressed by updating libxslt to version 1.1.28.

Affected Products

iTunes