iTunes 10.2 fixes multiple security vulnerabilities

iTunes 10.2 comes with several new features, improvements and security fixes.

ImageIO

libpng is updated to version 1.4.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. For Mac OS X v10.5 systems, this is addressed in Security Update 2010-007.

A heap buffer overflow issue existed in ImageIO’s handling of JPEG images. Viewing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution.

A buffer overflow existed in libTIFF’s handling of JPEG encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.

A buffer overflow existed in libTIFF’s handling of CCITT Group 4 encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.

libxml

A double free issue existed in libxml’s handling of XPath expressions. Processing a maliciously crafted XML file may lead to an unexpected application termination or arbitrary code execution.

A memory corruption issue existed in libxml’s XPath handling. Processing a maliciously crafted XML file may lead to an unexpected application termination or arbitrary code execution.

WebKit

Multiple memory corruption issues exist in WebKit. A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution.
