关键漏洞信息 iTunes 11.1.4 iTunes Tutorials Window - CVE-ID: CVE-2014-1242 - Description: An attacker with a privileged network position may inject arbitrary contents into the iTunes Tutorials window by manipulating an unprotected HTTP connection. Fixed by using HTTPS. Text Tracks Handling - CVE-ID: CVE-2013-1024 - Description: A memory access vulnerability could cause arbitrary code execution when processing text tracks. Fixed by additional validation. WebKit (libxml, libxslt) - CVE-IDs: CVE-2013-1037 to CVE-2013-1047 - Description: Multiple memory vulnerabilities in WebKit could lead to unexpected app crashes or code execution. Fixed by improving memory handling. Libxml - CVE-IDs: CVE-2011-3102, CVE-2012-0841 to CVE-2012-2807 - Description: Multiple memory corruption issues in libxml led to potential crashes or code execution. Resolved by updating to version 2.9.0. Libxslt - CVE-IDs: CVE-2012-2825 to CVE-2012-2871 - Description: Multiple memory corruption vulnerabilities in libxslt resulted in potential crashes or code execution. Fixed by updating to version 1.1.28. Platforms Affected Mac OS X 10.6.8+ Windows 8 Windows 7, Vista XP SP2+