Apple Releases iTunes 9.2 with iPhone 4 & iOS 4 Support, Windows Security Fixes

Apple released iTunes 9.2 Wednesday, an update that includes support for iPhone 4, iOS 4, iBooks 1.1, and more. It also includes some security fixes for the Windows version of iTunes.

Apple’s feature patch notes:

  • Sync with iPhone 4 to enjoy your favorite music, movies, TV shows, books and more on-the-go
  • Sync and read books with iPhone or iPod touch with iOS 4 and iBooks 1.1
  • Organize and sync PDF documents as books. Read PDFs with iBooks 1.1 on iPad and any iPhone or iPod touch with iOS 4
  • Organize your apps on your iOS 4 home screens into folders using iTunes
  • Faster back-ups while syncing an iPhone or iPod touch with iOS 4
  • Album artwork improvements make artwork appear more quickly when exploring your library

Apple’s security patch notes:

  • ColorSync
    CVE-ID: CVE-2009-1726
    Available for: Windows 7, Vista, XP SP2 or later
    Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution
    Description: A heap buffer overflow exists in the handling of images with an embedded ColorSync profile. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of ColorSync profiles. Credit to Chris Evans of the Google Security Team, and Andrzej Dyjak for reporting this issue.
  • ImageIO
    CVE-ID: CVE-2010-1411
    Available for: Windows 7, Vista, XP SP2 or later
    Impact: Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution
    Description: Multiple integer overflows in the handling of TIFF files may result in a heap buffer overflow. Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution. The issues are addressed through improved bounds checking. Credit to Kevin Finisterre of digitalmunition.com for reporting these issues.
  • WebKit
    CVE-ID: CVE-2010-0544, CVE-2010-1119, CVE-2010-1387, CVE-2010-1390,
    CVE-2010-1392, CVE-2010-1393, CVE-2010-1395, CVE-2010-1396,
    CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400,
    CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404,
    CVE-2010-1405, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410,
    CVE-2010-1412, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416,
    CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421,
    CVE-2010-1422, CVE-2010-1749, CVE-2010-1758, CVE-2010-1759,
    CVE-2010-1761, CVE-2010-1763, CVE-2010-1769, CVE-2010-1770,
    CVE-2010-1771, CVE-2010-1774
    Available for: Windows 7, Vista, XP SP2 or later
    Impact: Multiple vulnerabilities in WebKit
    Description: WebKit is updated to the version included in Safari 5.0 and Safari 4.1 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution.

iTunes 9.2 is a 121.9MB download for Intel Macs in Mac OS X 10.6.x. You can download the update through Software Update. Windows users can find the update in the Apple Updater utility accessed through Safari or iTunes.