October 13, 2024 at 02:30PM
Apple released updates for iTunes 12.13.3 for Windows on September 12, 2024, addressing two vulnerabilities: CVE-2024-44193, which involves logic issues allowing privilege escalation, and CVE-2024-44157, a stack buffer overflow affecting system stability when handling malicious video files. Updates are available for Windows 10 and later.
### Meeting Notes Summary
**Apple ID:** 121328
**Release Date:** September 12, 2024
#### Security Updates for iTunes 12.13.3 (Windows)
1. **CVE-2024-44193**
– **Description:** Addressed a logic issue with improved restrictions.
– **Impact:** A local attacker may be able to elevate their privileges.
– **Affected Product:** iTunes 12.13.3 for Windows.
– **Update Availability:** Windows 10 and later.
2. **CVE-2024-44157**
– **Description:** Resolved a stack buffer overflow through improved input validation.
– **Impact:** Parsing a maliciously crafted video file may lead to unexpected system termination.
– **Affected Product:** iTunes 12.13.3 for Windows.
– **Update Availability:** Windows 10 and later.
### Action Items
– Users should update to iTunes 12.13.3 to mitigate these vulnerabilities.
– Monitor for further updates regarding security patches.