Posted by Stefan Kanthak on Feb 21

Hi @ll,

the just released iTunes 12.1.1 for Windows still comes with
outdated and VULNERABLE 3rd party libraries and vulnerable
command lines:

In AppleMobileDeviceSupport.msi:

* libeay32.dll and ssleay32.dll 0.9.8za from 2014-06-05

The current version is 0.9.8ze and has 21 security fixes
which are missing in 0.9.8za; see <http://openssl.org/news/>

At last, these DLLs are no more 7 years old as before, but
“only” 8…