-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-07-19-6 iTunes 12.6.2 iTunes 12.6.2 is now available and addresses the following: iTunes Available for: Windows 7 and later Impact: An application may be able to execute arbitrary code with system privileges Description: An access issue was addressed with additional restrictions. CVE-2017-7053: an anonymous researcher working with Trend Micro's Zero Day Initiative libxml2 Available for: Windows 7 and later Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2017-7010: Apple CVE-2017-7013: found by OSS-Fuzz WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7018: lokihardt of Google Project Zero CVE-2017-7020: likemeng of Baidu Security Lab CVE-2017-7030: chenqin of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室) CVE-2017-7034: chenqin of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室) CVE-2017-7037: lokihardt of Google Project Zero CVE-2017-7039: Ivan Fratric of Google Project Zero CVE-2017-7040: Ivan Fratric of Google Project Zero CVE-2017-7041: Ivan Fratric of Google Project Zero CVE-2017-7042: Ivan Fratric of Google Project Zero CVE-2017-7043: Ivan Fratric of Google Project Zero CVE-2017-7046: Ivan Fratric of Google Project Zero CVE-2017-7048: Ivan Fratric of Google Project Zero CVE-2017-7052: cc working with Trend Micro's Zero Day Initiative CVE-2017-7055: The UK's National Cyber Security Centre (NCSC) CVE-2017-7056: lokihardt of Google Project Zero CVE-2017-7061: lokihardt of Google Project Zero WebKit Available for: Windows 7 and later Impact: An application may be able to read restricted memory Description: A memory initialization issue was addressed through improved memory handling. CVE-2017-7064: lokihardt of Google Project Zero WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-7049: Ivan Fratric of Google Project Zero WebKit Page Loading Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7019: Zhiyang Zeng of Tencent Security Platform Department WebKit Web Inspector Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7012: Apple Installation note: iTunes 12.6.2 may be obtained from: https://www.apple.com/itunes/download/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJZb5VTAAoJEIOj74w0bLRGEccP/jVIFy9gzYin6CI8rIeCmWt9 kUEF+pq1YA/g+kk9taYr2OiQfqeErVDjBXpq8VwdJVtmEqAtm1vJo1KbPjYqZjGz eh9vFFgcREmm6FVGLxvI895bCjvcxqkXNXGdAYntrWV4w1zX+Is3QknK96nJ416O CYUbf92GfEPPAtEGTQQ8CTpnGfnicTluTi2qU4xi1h7SQ5JHpNEfduulVX8CBbHQ CHDnDyfXnvYmEH5IqkDaWWPgjaMJ1S/F9SCYzWgR0Skw4iXPYeIgS+Vpb61rLykK vh+KVffaS/d73QGwsWzGqq+EcPzxLGrB8/jU9VBNw5wiQysOsA3N67R2aU5blha5 MriGAOklig75+p6k6odo5hL2eUdsj/2g1zsYDKRK6hMvUpjU1boqCCY+qhRwPj6e V1BWaDB5uwEaT9dY5yFYW6W8TPoJBYZRECPDRxyGcjCyDw5RQqC24lIiEF+wbjwo loRGCo5PAcHafdRwmLtiCs71UQdywNg81giB4IbLW9HoRciMlySq1MCbfj/RSXMK VYjmIuMAJektSOYPygNQ6HN2R5odYoQNix3njXyFz9dL3xg72QtrX6sALzhdSTcu EUTHLyqQm3b3hv3qUG+q96WYtFnZe/0F2eGuquu0m1rW9wIJmLcvHRw50Wd2UJCR 0roqHiwf3axwmFEhNiWC =8+yO -----END PGP SIGNATURE-----