==================================================================== CERT-Renater Note d'Information No. 2017/VULN399 _____________________________________________________________________ DATE : 14/12/2017 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Windows versions 7 and later running iTunes versions prior to 12.7.2. ===================================================================== https://lists.apple.com/archives/security-announce/2017/Dec/msg00006.html _____________________________________________________________________ APPLE-SA-2017-12-13-4 iTunes 12.7.2 for Windows iTunes 12.7.2 for Windows addresses the following: APNs Server Available for: Windows 7 and later Impact: An attacker in a privileged network position can track a user Description: A privacy issue existed in the use of client certificates. This issue was addressed through a revised protocol. CVE-2017-13864: FURIOUSMAC Team of United States Naval Academy WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7156: an anonymous researcher CVE-2017-7157: an anonymous researcher CVE-2017-13856: Jeonghoon Shin CVE-2017-13870: an anonymous researcher CVE-2017-13866: an anonymous researcher Installation note: iTunes 12.7.2 for Windows may be obtained from: https://www.apple.com/itunes/download/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================