After adding new features and enhancements, Apple discovers new issues

May 17, 2014 10:15 GMT

Apple this week released iTunes 11.2 to Mac and Windows customers, delivering a new set of features primarily aimed at Podcast browsing and playback, with a small subset of fixes, including a security issue affecting Windows customers.

Now, a new vulnerability has been discovered, but this time the bug doesn’t affect Windows customers. Rather, the new security flaw seems to affect only users of OS X 10.6.8, aka Snow Leopard.

The bug would allow “a local user [to] compromise other local user accounts,” according to the advisory at http://support.apple.com/kb/HT6251. The full description is available below.

“Upon each reboot, the permissions for the /Users and /Users/Shared directories would be set to world-writable, allowing modification of these directories. This issue was addressed with improved permission handling.”

Apple then directs users to support article TS5434, where “the general content” of iTunes 11.2.1 is detailed.

There, the Cupertino company notes that iTunes 11.2.1 further addresses a problem with some folders becoming invisible after installing iTunes 11.2.

The Mac maker explains, “The folders listed below might appear to be missing after installing iTunes 11.2 on OS X Mavericks.” The “affected” folders are /Users and /Users/Shared. “This can happen if you have Find My Mac enabled in iCloud System Preferences.”

The resolution is simple, Apple says: updating to the new iTunes 11.2.1 will resolve the problem.

For those who haven’t yet updated to iTunes 11.2, as noted above, the update addresses a Windows vulnerability as well.

“Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines,” Apple says.
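The fix Apple describes, ignoring header lines whose terminator never arrived, can be shown with a small parser. This is an added example, not Apple's code; the function names and the sample response are constructed for illustration, and header folding is not handled.

```python
# Constructed sample: a complete response head, and the same bytes cut off
# (connection closed) just before the cookie's security attributes arrive.
FULL = (b"HTTP/1.1 200 OK\r\n"
        b"Content-Type: text/html\r\n"
        b"Set-Cookie: sid=abc123; Path=/; Secure; HttpOnly\r\n"
        b"\r\n")
TRUNCATED = FULL[:FULL.index(b"; Secure")]


def header_lines(received, ignore_incomplete):
    """Split received bytes into header lines.

    A line is complete only if its CRLF terminator was received. With
    ignore_incomplete=False the trailing fragment is processed anyway,
    which is the behaviour the advisory describes as the flaw.
    """
    *complete, tail = received.split(b"\r\n")
    lines = list(complete)
    if tail and not ignore_incomplete:
        lines.append(tail)
    return [line for line in lines if line]


def parse_set_cookie(line):
    """Return a dict for a Set-Cookie line, or None for any other line."""
    name, sep, value = line.partition(b":")
    if not sep or name.strip().lower() != b"set-cookie":
        return None
    parts = [p.strip() for p in value.decode("latin-1").split(";")]
    cname, _, cvalue = parts[0].partition("=")
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return {"name": cname, "value": cvalue,
            "secure": "secure" in attrs, "httponly": "httponly" in attrs}


def cookies_from(received, ignore_incomplete):
    """Collect every cookie the client would store from the received bytes."""
    parsed = (parse_set_cookie(l) for l in header_lines(received, ignore_incomplete))
    return [c for c in parsed if c is not None]


if __name__ == "__main__":
    print("flawed :", cookies_from(TRUNCATED, ignore_incomplete=False))
    print("fixed  :", cookies_from(TRUNCATED, ignore_incomplete=True))
    print("intact :", cookies_from(FULL, ignore_incomplete=True))
```

With the truncated input, the flawed mode stores `sid` without `Secure` or `HttpOnly`, while the fixed mode stores nothing until a complete line is received.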

The purpose of the update, however, was to improve podcast browsing: users can quickly find new episodes in the Unplayed tab, browse episodes that are available to download or stream in the Feed tab, save episodes for offline listening, and have episodes deleted automatically after listening to them.

Finally, the new iTunes fixes a problem where the app may become unresponsive when updating Genius. Overall performance and stability are improved, and, in order to sync podcasts with iDevices, Podcasts for iOS 2.1 or later is recommended.
