Google helps close 163 security vulnerabilities in iTunes

Summary:Google has had a helping hand in identifying some of the 163 vulnerabilities that were closed in the latest version of iTunes released with the launch of the iPhone 5.

Apple's unveiling of its new, overhauled iTunes has been touted by the company as its way of "going back to our roots with an incredibly clean design," but underneath the shiny veneer there are also a number of security vulnerabilities that have been patched — 163 of them.

In a rather vague security bulletin released by the company today, Apple listed the vulnerabilities that affect WebKit, the open-source rendering engine that powers iTunes. iTunes has been hit by WebKit flaws in the past, with Apple previously making about 40 fixes for iTunes 9.2, most of which were WebKit related.

As WebKit is also used by Google Chrome, meaning that any vulnerabilities discovered by Google ultimately also benefit Apple and vice versa. Google appears to have done most of the ground work for Apple, however; Google's security teams found 74 vulnerabilities, while Apple's found 26. The remainder were found by other security groups and individual contributors.

The vulnerabilities mean that if users are tricked into visiting a specially crafted website, it can force iTunes to close, or worse, execute arbitrary code that could allow an attacker to take control of the victim's computer.

Apple has not listed which versions of iTunes are affected by the vulnerabilities.

Topics: Security, Apple, Google, iPhone, Malware

About

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.