iTunes WebKit Vulnerabilities Patched With Help From Google

Google & AppleApple released a security bulletin listing 163 vulnerabilities in iTunes that were patched with version 10.7 this week. The underlying WebKit engine is the (open) source of these vulnerabilities, and Google was credited with fixing 74 of the 163 issues.

iTunes 10.7 was released on Tuesday and added support for iOS6 and the latest iPod nano and shuffle models. In addition, 163 security patches were also embedded in the update. Most, if not all, of these patches dealt with memory corruption issues in WebKit, the engine behind iTunes.

WebKit is the same engine that drives Safari and Google Chrome, as well as several mobile browsers.  Therefore there are many parties interested in improving its security. According to ZDNet, the Apple security team fixed 26 vulnerabilities while Google's team fixed 74. The remainder were found by individuals and other interested groups.

Apple lists the impact of these vulnerabilities as "visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution."

That'a reason enough to install the update as soon as possible. It's available thorough Apple's Software Update or directly from the company's website.