Skip to content

Bugs and Fixes: updates to Windows iTunes, Java, and Internet Explorer

November 3, 2013

Update, update, update: Form that habit now, if you haven’t already, to keep up with security fixes. The latest include the usual tweaks to fend off malicious attacks, and a fix to Java that should prevent it from disabling itself constantly. That would be nice.

Apple updates Windows iTunes to 11.1.2

The 11.1.2 version of iTunes for Windows (10/22/2013) fixes several potential security issues. The program could be crashed if someone of sufficiently evil intent exploited memory access flaws in the handling of text tracks.

A bug related to WebKit memory corruption issues could allow nefarious beings to insert themselves between iTunes and the iTunes store. It has also been addressed with this update.

Finally, Apple has updated its usage of libxml and libxslt to 2.9.0 and 1.1.28, respectively, to ward off potential tampering that could cause unexpected program shutdowns or the running of malicious code.

Java’s Slew of Fixes

If you’ve be tracking your browser’s add-ons or extensions recently, you may have noticed that Java has been disabled with alarming regularity recently (if you’ve forgone the automated Java updates). Hopefully Java 7 update 45 (7u45) will lessen the onslaught of disablement with its whopping 51 fixes, all part of Oracle’s latest Critical Patch Update released on 10/13/2013 (no, it wasn’t a Friday). There are protections against code redistribution, and a warning if an application is started in an unexpected location, just to name two.

Apple issued its own update, but it’s probably time to move to Oracle’s plug-in if you’re a Mac user.

Cumulative Security Update for Internet Explorer (2879017)

If you don’t have automatic updates enabled for Internet Explorer, you might want to grab this one, which was made available on 10/8/2013 for every version of IE since 6. It addresses a number of security flaws, including one that “could allow remote code execution if a user views a specially crafted webpage…”. Not only that, attackers could gain local administrative rights and play havoc with your PC in any way they see fit.

2879017 is a must-have, as is any security fix that’s been publicized. There are always bad guys waiting to prey on laggards. If you have automatic updates enabled, you probably already have it.

Jon L. Jacobi Jon Jacobi, PCWorld

Jon L. Jacobi has worked with computers since you flipped switches and punched cards to program them. He studied music at Juilliard, and now he power-mods his car for kicks.
More by Jon L. Jacobi

Subscribe to the Security Watch Newsletter

Thank you for sharing this page.

Sorry! There was an error emailing this page

Related Topics: Doug Martin   Gta 5 Online Not Working   emily blunt   Nokia   Ichiro Suzuki  

From → Uncategorized

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: