Apple patches 41 security bugs in iTunes update

Users of Apple Inc.'s iTunes software—especially those running Windows PCs—may need to install soonest the latest update, which fixes at least 41 security flaws.

 

Security vendor Sophos, in a blog post, noted some of these 41 flaws in iTunes - needed for PCs to communicate with iPhones, iPods and iPads - are more than one year old.

 

"What is unclear is why Apple has waited for so long to release these fixes for Windows users of iTunes ... (But) the point is you should update iTunes now, especially if you are a Windows user who needs it to manage your music, movies, TV shows, iPad or iPod," it said.

 

Sophos said the latest iTunes update addresses a certificate validation issue for both Mac and Windows.

 

If that issue were exploited, an attacker could spoof an SSL certificate without the user being warned.

 

The iTunes update also fixes 40 other vulnerabilities in the Windows version.

 

Sophos noted the oldest vulnerability fixed, CVE-2012-2824, which can allow an attacker to remotely run programs on a vulnerable machine, was first reported as far back as April 27, 2012.

 

Apple first tried to fix the flaw via iOS 6.0.1 and Safari 6.0.2, on November 1, 2012 - about six months after the flaw was reported. — TJD, GMA News