Apple Security Advisory 2017-01-23-7 - iTunes for Windows 12.5.5 is now available and addresses code execution vulnerabilities.
4c501fcce5004df66bab08bab466bc67e6321f8c5999863d097303011f483d4f
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-01-23-7 iTunes for Windows 12.5.5
iTunes for Windows 12.5.5 is now available and addresses the
following:
WebKit
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved memory handling.
CVE-2017-2354: Neymar of Tencent's Xuanwu Lab (tencent.com) working
with Trend Micro's Zero Day Initiative
WebKit
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory initialization issue was addressed through
improved memory handling.
CVE-2017-2355: Team Pangu and lokihardt at PwnFest 2016
WebKit
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed through
improved input validation.
CVE-2017-2356: Team Pangu and lokihardt at PwnFest 2016
CVE-2017-2366: Kai Kang of Tencent's Xuanwu Lab (tencent.com)
iTunes for Windows 12.5.5 may be obtained from:
https://www.apple.com/itunes/download/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJYgqLiAAoJEIOj74w0bLRGFRYP/2CufgeHR1X1tocvO40h3Vsv
CU1xx2Xx10A3PW/6vH0/+hCO0PVjeB8dR0Du2a24D6WzDylel+mtzTDksplddflc
xn1Kee+V3SQPRdRPqoGblH8+bcF2feEM+BdUmw+ZTgF5BDPJwlO1IWyoiz269RSI
AAaNCwXqCM4rv+Td/dz7ldn7TZfljvrYZ+h0g8SISiGFANAofumUpzLp6RCfFONA
ERO/Df2ZmRKnGd8Ao0JDszOajhLdaCeKAVj/uF479pdNO0dfpSa6dG+iQh40Un3A
R2MwgKNqu5u9k1wv96MbZ13UB0Dl/Nn8ILTMHb12QCttDWE6VMrR3hUp0hv6BPJd
AICKJug67QwjJbvP0P7NNZIK0p+ci84MegrvIhs2Df2zWTvZoOUfYBjgfGYW0iZX
VVXK+SwueivRXZmD7HCI7MIYcmxVyUHYOn2Zwv0uVD7e2IY+QnQhqfxDUm2WfufY
DLTRePoCLgxKXVtwECWA0y1kORJEj7e1uD+/Eh2diK65r/fSy89yaMM4SjFZtlEg
/AMxtx/uAylXTb2FKdQ4R+jSi4SKBEHpp/0vVk+c9QYJANMdSQyMKkydm2KclVdK
n9SnrWgVpa5FE5M75VhCSw35s/hxt+pZfuk+sCI1gl8rms4+9oL0iYzRUXNHSDT5
SFUM81GBiKUV/j9OFbLT
=WnNv
-----END PGP SIGNATURE-----