iTunes 11.0.3 brings a number of important security fixes

Apple recently released iTunes 11.0.3 with a number of cosmetic improvements including an updated MiniPlayer and songs view. However, this release is more than just a pretty face, bringing a number of security patches which address a wide range of vulnerabilities. Even users not interested in the visual treatments will want to grab this update.

Of the 40 vulnerabilities listed in Apple’s article detailing the security content of the update, only one affected Mac users; the remaining 39 affected only Windows users. That doesn’t mean the update is unimportant if you’re a Mac user, though. The bug fixed for OS X users is a certificate validation issue: iTunes could accept an untrusted SSL certificate without alerting the user, potentially leading to intercepted or maliciously altered traffic.

Windows users were also affected by the certificate validation bug, as well as a significant number of memory corruption bugs in WebKit. These bugs could allow for a man-in-the-middle attack and potentially lead to arbitrary code execution on a user’s computer. While specific details aren’t available for all of the fixed bugs, a number of them seem to have been previously patched in iOS and Safari and are not particularly new. In fact, the oldest bug on the list was first discovered over a year ago and was fixed in iOS and Safari earlier this year.

If you haven’t already updated iTunes, you can update to 11.0.3 with iTunes’ “Check for Updates...” option or grab it straight from the iTunes download page.

Nick Arnott

Security editor, breaker of things, and caffeine savant. QA at Double Encore. Writes on neglectedpotential.com about QA & security, and as @noir on Twitter about nothing in particular.


There are 2 comments.

kitesurfjerry says:

Before, when I used to sync my iOS devices with iTunes, the new app updates from my devices used to transfer automatically to iTunes; now I have to download the app twice!! Am I doing something wrong? Or is this how it is now with this new iTunes?