Apple has released a massive security update for iTunes on Windows, fixing more than 160 security vulnerabilities. The new version of iTunes is one of the larger security updates by any vendor in the last few years, and many of the fixes are for WebKit vulnerabilities.
In its advisory about the iTunes update, Apple, in one of the bigger understatements in recent memory, said that the application contains “multiple memory corruption issues”. The total number of vulnerabilities fixed in iTunes 10.7 is 163 and a huge number of those bugs were discovered by members of Google’s internal security team. Many of the other vulnerabilities were discovered by a researcher who uses the name Miaubiz, who is a frequent contributor to Google’s Chrome bug bounty program.
Many of the vulnerabilities in WebKit that Apple fixed in iTunes 10.7 are from 2011. A lot of those flaws have been fixed in other applications that use WebKit, including Chrome and Safari, for some time now.
“Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution,” Apple said in its advisory. “Multiple memory corruption issues existed in WebKit. These issues are addressed through improved memory handling.”
Users can get the security fixes by updating iTunes directly in the application.