{"id":22008,"date":"2014-01-24T12:46:24","date_gmt":"2014-01-24T20:46:24","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=22008"},"modified":"2016-10-06T12:38:54","modified_gmt":"2016-10-06T19:38:54","slug":"apple-releases-itunes-11-1-4-for-mac-and-windows","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-itunes-11-1-4-for-mac-and-windows\/","title":{"rendered":"Apple Releases iTunes 11.1.4 for Mac and Windows"},"content":{"rendered":"

This week, Apple released iTunes 11.1.4 for Macintosh and Windows platforms. These software updates fix a combined 25 bugs<\/a> with 1 flaw resolved in iTunes for Mac OS X 10.6.8 or later, and an additional 24 flaws resolved just for Windows 8, Windows 7, Vista, XP SP2 or later.<\/p>\n

\"iTunes<\/a><\/p>\n

Apart from the security updates, as you can see prominently mentioned in the iTunes 11.1.4 release note, Apple purportedly now lets you see your Wish List while viewing your iTunes library. Previously, you were limited to only see your Wish List from the purview of the iTunes Store. And, well, that appears to still be the case.<\/a>\u00a0(Jan 27 update<\/strong>: It is finally showing up now<\/a>.) But I digress, and back to security we go.<\/p>\n

The iTunes versions available for Mac OS X 10.6.8 or later, Windows 8, Windows 7, Vista, XP SP2 or later addresses a vulnerability in which an attacker with a privileged network position may control the contents of the iTunes Tutorials window. Apple describes the vulnerability as follows:<\/p>\n

CVE-2014-1242<\/a>\u00a0:\u00a0The contents of the iTunes Tutorials window are retrieved from the network using an unprotected HTTP connection. An attacker with a privileged network position may inject arbitrary contents. This issue was addressed by using an encrypted HTTPS connection to retrieve tutorials.<\/p><\/blockquote>\n

The iTunes versions available for Windows 8, Windows 7, Vista, XP SP2 or later addresses the following vulnerabilities:<\/p>\n