Posted by Apple Product Security on May 17

APPLE-SA-2016-05-16-6 iTunes 12.4

iTunes 12.4 is now available and addresses the following:

iTunes
Available for: Windows 7 and later
Impact: Running the iTunes installer in an untrusted directory may
have resulted in arbitrary code execution
Description: A dynamic library loading issue existed in iTunes
setup. This was addressed through improved path searching.
CVE-ID
CVE-2016-1742 : Stefan Kanthak and
YoKo Kho (yokoacc) of MII – Consulting…