Apple is all about Mac security updates this week. Earlier, the company dropped a bunch of security updates for macOS Monterey, Big Sur, and Catalina, followed by the first beta of 12.5. On Wednesday, Apple released another security update, but this time for Windows.
iTunes 12.12.4 is now available for users and can be downloaded from the Microsoft Store or from Apple. These are the flaws that Apple has patched in the update:
AppleGraphicsControl
- Available for: Windows 10 and later
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved input validation.
- CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
ImageIO
- Available for: Windows 10 and later
- Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
- Description: An integer overflow issue was addressed with improved input validation.
- CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative
iTunes
- Available for: Windows 10 and later
- Impact: A local attacker may be able to elevate their privileges
- Description: A logic issue was addressed with improved state management.
- CVE-2022-26774: Sai Wynn Myat (@404death)
Mobile Device Service
- Available for: Windows 10 and later
- Impact: An application may be able to delete files for which it does not have permission
- Description: A logic issue was addressed with improved state management.
- CVE-2022-26773: Sai Wynn Myat (@404death)
WebKit
- Available for: Windows 10 and later
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A use after free issue was addressed with improved memory management.
- WebKit Bugzilla: 238171
- CVE-2022-26717: Jeonghoon Shin of Theori
iTunes for Windows can be used by PC users to access Apple Music or to buy music and videos if those users don’t want to use the Apple Music website. The app is also used to sync content between a Windows PC and an iPhone, iPad, or an iPod touch.
