-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-1-24-1 iTunes 12.9.3 for Windows iTunes 12.9.3 for Windows is now available and addresses the following: AppleKeyStore Available for: Windows 7 and later Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A memory corruption issue was addressed with improved validation. CVE-2019-6235: Brandon Azad Core Media Available for: Windows 7 and later Impact: A malicious application may be able to elevate privileges Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6221: Fluoroacetate working with Trend Micro's Zero Day Initiative SQLite Available for: Windows 7 and later Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2018-20346: Tencent Blade Team CVE-2018-20505: Tencent Blade Team CVE-2018-20506: Tencent Blade Team WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2019-6215: Lokihardt of Google Project Zero WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6212: an anonymous researcher, Wen Xu of SSLab at Georgia Tech CVE-2019-6216: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-6217: Fluoroacetate working with Trend Micro's Zero Day Initiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan Team CVE-2019-6226: Apple WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-6227: Qixun Zhao of Qihoo 360 Vulcan Team CVE-2019-6233: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-6234: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved validation. CVE-2019-6229: Ryan Pickren (ryanpickren.com) Additional recognition WebKit We would like to acknowledge James Lee (@Windowsrcer) of Kryptos Logic for their assistance. Installation note: iTunes 12.9.3 for Windows may be obtained from: https://www.apple.com/itunes/download/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlxHSSspHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3Fqrw// UGoOTT5g9pxIejFnbQUY6QOoLfSOPZHSPZUZVerZbXdEbEqks5+/7HJMikogBc+0 Rh58V0qKWeE+lLTAVwRDpm2TA427z4o1fz00ExhlD2L8wPKZ8Apx522NS+X+boOk PtXm57zCL/FrIu9zX0V3V05NNZNrI5ycS5YfAVDlCOnVkKPqIYhBh0q0ZEeemGEK ifyTPkIG8hjtlzoFapgckzDVeSd+txIUdiY/T+wnWcDkKXU/ADEMrTur3c8LKhKC G13FWWa0LWcJwNd94EpPGZ8hk0oH5h6WFvf6yheeTyK0nYo4j0m6KZI8TMADrMTt G//Rx1rQLxYZXTt5IlKw8WLp5LC4/PydQptyzlatjdj20mB6efkqm4y6YZvc5Irk 4nr4+VJ/w/hVTfbkxt+zTVTQgka+3ubZ0x2C8s2vq2jYzqJwc4ZhMlCoW2kEEtL5 2AmKleX70SJD3UvRirIp23KDyCkKCXeqB/XcZVXaNUIOBoTTJrzUpfrDXN6d8mRP 4lylBHnTnkP3laQe51ZgS5oxE3AzqUlvnC2iSdb5e1Cvlchof+Ma/w13K/FR95Y/ k0qY4Xxec7DZSoMt3AKzH6uMY4gyIpGSGn1Gn80K0CEer5EF94pFArXwKyROZgia 7Qd0/V4bhj18d5fiDDWpazPqjaasRrx0HMUz4K5kfbg= =A1td -----END PGP SIGNATURE-----