About the security content of iTunes 12.4.2 for Windows - Apple Support

About Apple security updates

For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

For more information about security, see the Apple Product Security page. You can encrypt communications with Apple using the Apple Product Security PGP Key.

Apple security documents reference vulnerabilities by CVE-ID when possible.

iTunes 12.4.2 for Windows

Released July 18, 2016

libxml2

Available for: Windows 7 and later

Impact: Multiple vulnerabilities in libxml2

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2015-8317 : Hanno Boeck

CVE-2016-1836 : Wei Lei and Liu Yang of Nanyang Technological University

CVE-2016-4447 : Wei Lei and Liu Yang of Nanyang Technological University

CVE-2016-4448 : Apple

CVE-2016-4483 : Gustavo Grieco

CVE-2016-4614 : Nick Wellnhofer

CVE-2016-4615 : Nick Wellnhofer

CVE-2016-4616 : Michael Paddon

Entry updated June 4, 2017

libxml2

Available for: Windows 7 and later

Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information

Description: An access issue existed in the parsing of maliciously crafted XML files. This issue was addressed through improved input validation.

CVE-2016-4449 : Kostya Serebryany

libxslt

Available for: Windows 7 and later

Impact: Multiple vulnerabilities in libxslt

Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-1683 : Nicolas Grégoire

CVE-2016-1684 : Nicolas Grégoire

CVE-2016-4607 : Nick Wellnhofer

CVE-2016-4608 : Nicolas Grégoire

CVE-2016-4609 : Nick Wellnhofer

CVE-2016-4610 : Nick Wellnhofer

Entry updated April 11, 2017