Apple Patches Six-Month-Old Open Source Flaws in iTunes
While fanboys were buzzing about the merits of the new phone, Apple's security personnel quietly unloaded one of the biggest Apple software patch updates in the company's history.
Apple's iTunes 10.7 update for Windows provides patches for no fewer than 163 security vulnerabilities. All of the flaws are related to the open source WebKit rendering engine.
"The sheer number of bugs Apple fixed in this patch is almost overwhelming," said Andrew Storms, director of security operations for nCircle. "Apple is notorious for monster patches, but this one goes immediately to the top of the list."
Digging through the long list of WebKit flaws reveals that many of them have been known for some time. Apple's security advisory lists the flaws by their respective CVE (Common Vulnerabilities and Exposures) nomenclature, which identifies when the issue was first reported. As an example, the first bug listed in Apple's iTunes 10.7 patch update is CVE-2011-3016, a flaw that was first reported in 2011.