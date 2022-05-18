Apple is all about Mac security updates this week. Earlier, the company dropped a bunch of security updates for macOS Monterey, Big Sur, and Catalina, followed by the first beta of 12.5. On Wednesday, Apple released another security update, but this time for Windows.

iTunes 12.12.4 is now available for users and can be downloaded from the Microsoft Store or from Apple. These are the flaws that Apple has patched in the update:

AppleGraphicsControl

Available for: Windows 10 and later

Windows 10 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation.

A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

ImageIO

Available for: Windows 10 and later

Windows 10 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow issue was addressed with improved input validation.

An integer overflow issue was addressed with improved input validation. CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative

iTunes

Available for: Windows 10 and later

Windows 10 and later Impact: A local attacker may be able to elevate their privileges

A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management.

A logic issue was addressed with improved state management. CVE-2022-26774: Sai Wynn Myat (@404death)

Mobile Device Service

Available for: Windows 10 and later

Windows 10 and later Impact: An application may be able to delete files for which it does not have permission

An application may be able to delete files for which it does not have permission Description: A logic issue was addressed with improved state management.

A logic issue was addressed with improved state management. CVE-2022-26773: Sai Wynn Myat (@404death)

WebKit

Available for: Windows 10 and later

Windows 10 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management.

A use after free issue was addressed with improved memory management. WebKit Bugzilla: 238171

238171 CVE-2022-26717: Jeonghoon Shin of Theori

iTunes for Windows can be used by PC users to access Apple Music or to buy music and videos if those users don’t want to use the Apple Music website. The app is also used to sync content between a Windows PC and an iPhone, iPad, or an iPod touch.