Apple Quietly Announces iTunes Vulnerability

A critical update to iTunes has been released. Apple iTunes CVE MITM vulnerabilityIf you have iTunes installed on machines in your environment you’ll want to get this patch right away. The iTunes vulnerability is a man-in-the-middle attack that can occur when a user is browsing the iTunes store. The potential exploit opens the possibility for execution of malicious code through memory corruption.

You can read about this attack more on Apple’s support site here. But in the meantime, let’s get iTunes updated right away.

Silently Install iTunes 12.3.1.23

iTunes can be a challenge to silently install remotely to multiple machines, but if you have PDQ Deploy Pro or Enterprise mode, iTunes is available in the Package Library and is tested and built to install silently on Windows Professional machines. All that’s left to do is start the installation.

If you don’t have PDQ Deploy in Pro or Enterprise mode, no worries. You can get a free Enterprise trial license key to input in your free PDQ Deploy download which will allow you to select any three (3) packages out of the library to deploy.

Silently installing iTunes is easy.

1. Highlight the iTunes package in the package library.itunes_package_library

2. Click ‘Import’, this will download the silently installing package onto your PDQ Deploy console for your deploying pleasure.

3. Highlight your imported package and click Deploy Now.

4. Now you’re ready to choose target machines. You can select these from Active Directory, Spiceworks or use PDQ Inventory Enterprise mode collections to deploy only to machines that have an old version of iTunes on them for quicker deployments. (Check out PDQ Inventory.)