-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2020-03-24-6 iTunes for Windows 12.10.5 iTunes for Windows 12.10.5 is now available and addresses the following: libxml2 Available for: Windows 7 and later Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed with improved size validation. CVE-2020-3910: LGTM.com libxml2 Available for: Windows 7 and later Impact: Multiple issues in libxml2 Description: A buffer overflow was addressed with improved bounds checking. CVE-2020-3909: LGTM.com CVE-2020-3911: found by OSS-Fuzz WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2020-3901: Benjamin Randazzo (@____benjamin) WebKit Available for: Windows 7 and later Impact: A download's origin may be incorrectly associated Description: A logic issue was addressed with improved restrictions. CVE-2020-3887: Ryan Pickren (ryanpickren.com) WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2020-3895: grigoritchy CVE-2020-3900: Dongzhuo Zhao working with ADLab of Venustech WebKit Available for: Windows 7 and later Impact: An application may be able to read restricted memory Description: A race condition was addressed with additional validation. CVE-2020-3894: Sergei Glazunov of Google Project Zero WebKit Available for: Windows 7 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2020-3897: Brendan Draper (@6r3nd4n) working with Trend Micro’s Zero Day Initiative WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-9783: Apple WebKit Available for: Windows 7 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory consumption issue was addressed with improved memory handling. CVE-2020-3899: found by OSS-Fuzz WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2020-3902: Yiğit Can YILMAZ (@yilmazcanyigit) WebKit Page Loading Available for: Windows 7 and later Impact: A file URL may be incorrectly processed Description: A logic issue was addressed with improved restrictions. CVE-2020-3885: Ryan Pickren (ryanpickren.com) Additional recognition WebKit We would like to acknowledge Emilio Cobos Álvarez of Mozilla, Samuel Groß of Google Project Zero, and an anonymous researcher for their assistance. Installation note: iTunes for Windows 12.10.5 may be obtained from: https://www.apple.com/itunes/download/ -----BEGIN PGP SIGNATURE----- Version: BCPG v1.64 iQIcBAEDCAAGBQJeejDYAAoJEAc+Lhnt8tDN1/QP/iLf1EZKWPsH8W908AiHXb3/ 0tqn/iO2ZQ0VhAeMQrtjORhJJlekam4fxpZbsYt4xtjcga1ad8IN7tpTsLCYwEQD sw1/izjkYUj/eRGeX7CEswN7GHfsA4ilR4kH07x6adD17J7PDaCQ81l/Cf/KiGY5 hvqD8DUuVrMCmbyRF9ldJ/DaGLYKN2gh/fRZZm8CmbmQ8BDtLa18SEGUjMmOXAuo y+f/2H7hgCbWg5OdNzVxEJ2U34nEGIhURDIst5f6+RDQCfYXWGfj8sXXKFGnKCSI 1byaJS+yH4UUURCqVbucw+K6EmUO1brnB0A8g+RvfXd/uic1n91xRs5V7doXsoAq M9GqQcSnm9dfjjF6g4xAPpyJNEUOhMHzb6ZWdBQGhAGdMdjTUlXPDY0dgQgZL6Jh rNkzaaUJEv+SOJfFvB3pYyfsmnReBtfxgOTnCXZZdEfn4b/4NhqBZocekjJCd7N3 bPY+fVzvVplXaszwipKaeT/hnQFtlAItND+tPrEagtV0gpPX4RaiYfxKnJ1JojvM YM1y3SFU4jaZkeEA2/J33NSV1kigxBxHO8eLCG2eGivotL2HNzHzBi3GLg2W2oXI 6M1DaBkSmolD3T2eTiYsyQh2dTnjjNInN+HKLEUbenwHOzYgdoJt41fpzO0vYezH v9gKNIRdet2XQFFTnhvv =dwLs -----END PGP SIGNATURE-----