Apple's unveiling of its new, overhauled iTunes has been touted by the company as its way of "going back to our roots with an incredibly clean design," but underneath the shiny veneer there are also a number of security vulnerabilities that have been patched — 163 of them.
In a rather vague security bulletin released by the company today, Apple listed the vulnerabilities that affect WebKit, the open-source rendering engine that powers iTunes. iTunes has been hit by WebKit flaws in the past, with Apple previously making about 40 fixes for iTunes 9.2, most of which were WebKit-related.
WebKit is also used by Google Chrome, meaning that any vulnerabilities discovered by Google ultimately also benefit Apple and vice versa. Google appears to have done most of the groundwork for Apple, however; Google's security teams found 74 vulnerabilities, while Apple's found 26. The remainder were found by other security groups and individual contributors.
The vulnerabilities mean that if users are tricked into visiting a specially crafted website, the site can force iTunes to close or, worse, execute arbitrary code that could allow an attacker to take control of the victim's computer.
Apple has not listed which versions of iTunes are affected by the vulnerabilities.