Multiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code and obtain sensitive information.

Below is a complete list of vulnerabilities:

1. A buffer overflow vulnerability can be exploited locally to gain privileges;
2. Multiple memory corruption vulnerabilities in WebKit can be exploited remotely via specially crafted website to execute arbitrary code;
3. Multiple array indexing vulnerabilities in WebKit can be exploited remotely to cause denial of service;
4. A cross-origin vulnerability can be exploited remotely to obtain sensitive information;
5. Multiple assert failure vulnerabilities in WebKit can be exploited locally to cause denial of service.

Apple iTunes earlier than 12.7.4

Update to latest version
Download iTunes

About the security content of iTunes 12.7.4 for Windows