Windows iTune update fixes 79 bugs

Apple Inc. has released an update to fix 79 vulnerabilities in the Windows version of iTunes, the software needed for a computer to communicate with Apple's mobile devices like the iPod, iPhone and iPad. Computer security firm Sophos said 73 of the bugs affect WebKit - which is used to render HTML content from the iTunes store - and could cause remote code execution. "Other fixes resolve remote code execution flaws in CoreFoundation, ColorSync, CoreAudio, CoreMedia and ImageIO," Sophos said in a blog post. But it also noted these vulnerabilities can only be exploited through a man-in-the-middle attack while using iTunes. On the other hand, Sophos said the SANS Internet Storm Center had indicated Apple will release fixes for OS X users as part of the yet unreleased updates for 10.6 (Snow Leopard) and 10.7 (Lion). "Users of OS X 10.5 and earlier will be left unprotected," it said. Sophos said iTunes 10.5 for OS X is available as well, but only includes new features, not security fixes. The iTunes 10.5 introduces iCloud support, wireless syncing and support for iOS 5. Meanwhile, Sophos noted iTunes no longer requires QuickTime for Windows. "If you don't need/want QuickTime this might be a great opportunity to remove it, reducing the number of applications you need to keep patched," it said. — TJD, GMA News