
About the security content of iTunes 12.7 for Windows - Apple Support

Description

## About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.

For more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page. You can encrypt communications with Apple using the [Apple Product Security PGP Key](<https://support.apple.com/kb/HT201601>).

Apple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.

## iTunes 12.7 for Windows

Released September 12, 2017

**CFNetwork**

Available for: Windows 7 and later

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-13829: Niklas Baumstark and Samuel Groß working with Trend Micro's Zero Day Initiative

CVE-2017-13833: Niklas Baumstark and Samuel Groß working with Trend Micro's Zero Day Initiative

Entry added November 10, 2017

**ImageIO**

Available for: Windows 7 and later

Impact: Processing a maliciously crafted image may lead to a denial of service

Description: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management.

CVE-2017-13831: Glen Carmichael

Entry added October 31, 2017, updated November 10, 2017

**libxml2**

Available for: Windows 7 and later

Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2017-9049: Wei Lei and Liu Yang - Nanyang Technological University in Singapore

Entry added October 18, 2018

**libxml2**

Available for: Windows 7 and later

Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2017-7376: an anonymous researcher

CVE-2017-5130: an anonymous researcher

Entry added October 18, 2018

**libxml2**

Available for: Windows 7 and later

Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2017-9050: Mateusz Jurczyk (j00ru) of Google Project Zero

Entry added October 18, 2018

**libxml2**

Available for: All Apple Watch models

Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution

Description: A null pointer dereference was addressed with improved validation.

CVE-2018-4302: Gustavo Grieco

Entry added October 18, 2018

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed through improved input validation.

CVE-2017-7081: Apple

Entry added September 25, 2017

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2017-7087: Apple

CVE-2017-7091: Wei Yuan of Baidu Security Lab working with Trend Micro's Zero Day Initiative

CVE-2017-7092: Samuel Groß and Niklas Baumstark working with Trend Micro's Zero Day Initiative, Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team

CVE-2017-7093: Samuel Groß and Niklas Baumstark working with Trend Micro's Zero Day Initiative

CVE-2017-7094: Tim Michaud (@TimGMichaud) of Leviathan Security Group

CVE-2017-7095: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Micro's Zero Day Initiative

CVE-2017-7096: Wei Yuan of Baidu Security Lab

CVE-2017-7098: Felipe Freitas of Instituto Tecnológico de Aeronáutica

CVE-2017-7099: Apple

CVE-2017-7100: Masato Kinugawa and Mario Heiderich of Cure53

CVE-2017-7102: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University

CVE-2017-7104: likemeng of Baidu Security Lab

CVE-2017-7107: Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University

CVE-2017-7111: likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro's Zero Day Initiative

CVE-2017-7117: lokihardt of Google Project Zero

CVE-2017-7120: chenqin (陈钦) of Ant-financial Light-Year Security Lab

Entry added September 25, 2017

**WebKit**

Available for: Windows 7 and later

Impact: Cookies belonging to one origin may be sent to another origin

Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.

CVE-2017-7090: Apple

Entry added September 25, 2017

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to a cross site scripting attack

Description: Application Cache policy may be unexpectedly applied.

CVE-2017-7109: avlidienbrunn

Entry added September 25, 2017

## Additional recognition

**WebKit**

We would like to acknowledge Rayyan Bijoora (@Bijoora) of The City School, PAF Chapter for their assistance.


Affected Software


CPE Name Name Version
itunes 12.7
