Posted by Apple Product Security via Fulldisclosure on May 14
APPLE-SA-05-08-2024-1 iTunes 12.13.2 for Windows
iTunes 12.13.2 for Windows addresses the following issues.
Information about the security content is also available at https://support.apple.com/HT214099.
Apple maintains a Security Releases page at https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
CoreMedia
Available for: Windows 10 and later
Impact: Parsing a file may lead to an unexpected app…
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Jan Schermer discovered that strongSwan incorrectly validated client
certificates in certain configurations. A remote attacker could possibly
use this issue to bypass access controls.