From: Apple Product Security
Reply to list
APPLE-SA-2016-05-16-6 iTunes 12.4 iTunes 12.4 is now available and addresses the following: iTunes Available for: Windows 7 and later Impact: Running the iTunes installer in an untrusted directory may have resulted in arbitrary code execution Description: A dynamic library loading issue existed in iTunes setup. This was addressed through improved path searching. CVE-ID CVE-2016-1742 : Stefan Kanthak and YoKo Kho (yokoacc) of MII - Consulting & Advisory Svc. Dept. iTunes 12.4 may be obtained from: http://www.apple.com/itunes/download/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/iQIcBAEBCgAGBQJXOj0OAAoJEIOj74w0bLRGjA0QANTHzjNUsByxmLOpQfNcEHEy 3lXFmf00E7C6lq7DgQMPfbYOgXz+lAJuUuyt88OK6k9w+ADm+huxna6O+Gy4f+ST W1T2eu78vJG42QRji1f9PAa8M9roQjziL35iCRZCpeN5kLwXK8BHGSjvB33hjkGy a7GzWuT27iwUcEvTHSWACYtVqfDYre5l4Jyk0/CviWgb7zms7HC+SBbAGS3TfZRh LxT2JeF+dQ4Ajug21O8IJrOJtNwgppkssrSqtvVezYNvmTVuELPtm+5Mo0Ggqhr7 vo3SxcOvZ7xqyA9F2klLV27oity7FLMXg2NyqWnngpRJoxnnck8PcB9/FSGpVpWt /RmF6zIII792jfcmRYhe8IwgbpO6w8r4o4dJX3FLuWmk1HajT9itgZkMPIIfUdP7 hxvfmK4GBv09AP/o+oXi+Zoq3X0HbZhp+djcI9hx0T9a1bw7g0H31g54NMhqCxez vl0M04Y3+GmtXuIJNIzJuuIh4JMMfGN9SXO5NAzFzOlQ6bn96/uR9o4e+2LAuH29 HuACxqu6gaOOt/bv0AOSloPyIOSnfgH1v5Zt9QV2qDpChTSPqL0b5nnqwcv5yv7l InSa1oWL+WJ1FSlB7dLC01Sii4uRTC6Oud+ShWsoqMKYJouODqry8hlIG4Qqzexl fnEDC7oEvN/gpW1EXu7v =Aip6