iTunes for Windows 11 gets a fresh update with a vital security fix, and it brings in support for new iPad Air and iPad Pro

Apple has released a new version of iTunes for Windows 11 (and Windows 10), which also includes support for the newly debuted iPad Air and iPad Pro models. 

You can download iTunes version 12.13.2  for Windows from both the Microsoft Store and from Apple’s website.

iTunes has been phased out for macOS and is no longer present on Apple’s own desktop operating system. Apple still updates iTunes pretty regularly on Windows, though, and this new update follows a release that brought in security fixes back in December 2023.

This latest iTunes update also delivers a security fix, dealing with a vulnerability that could lead to the app unexpectedly shutting down, or a malicious party leveraging  “arbitrary code execution” (allowing an attacker to do nasty things to your PC, basically).

Woman relaxing on a sofa, holding a laptop in her lap and using it

(Image credit: Shutterstock/fizkes)

Apple's transition away from iTunes to more modern apps

In general, though, it does seem like Apple is trying to move away from iTunes in favor of its more modern media apps like Apple Music, Apple TV, and iCloud. These modern media apps are also available on Windows, and are optimized to match Windows 11’s own sleek contemporary aesthetics. 

iTunes is more than a media app – it’s also a device manager that many users of Apple hardware are used to, allowing iPhone and iPad users to carry out tasks like backing up data and installing software. However, nowadays you can do that using the newer Apple Device app, which you get through the Microsoft Store as well. 

There’s one caveat to consider – Apple’s new apps might not work as intended if you also have iTunes installed, as Neowin points out, so it’s advised that you pick one to use and uninstall the other.

Woman sitting by window, legs outstretched, with laptop

(Image credit: Shutterstock/number-one)

iTunes: a timeless hub for Apple's media

Apple’s legacy media manager is a classic and still has a lot of purpose as it’s a place to manage all the media you’ve purchased from Apple including music, movies, and TV shows, as well as Apple Music.

If you prefer to continue to use iTunes, of course, you’re still in luck, as you can grab this latest version from the Microsoft Store. This will work whether you’re using Windows 11 or Windows 10, but not Windows 7. You can get older versions of iTunes from Apple’s website (but of course, you shouldn’t still be using Windows 7 for obvious reasons – the lack of security updates being the primary concern).

It’s good that Apple’s still looking out for users who might want to continue to use iTunes, and it also gives Apple a way in with customers who might prefer Windows as their PC’s operating system. 

YOU MIGHT ALSO LIKE

TechRadar – All the latest technology news

Read More

One of Microsoft’s biggest Windows 11 updates yet brought a massive number of security flaw fixes

Microsoft has issued a mammoth Windows 11 update that brings fixes for around 150 security flaws in the operating system, as well as fixes for 67 Remote Code Execution (RCE) vulnerabilities. RCEs enable malicious actors to deploy their code to a target device remotely, often being able to do so without a person’s consent or knowledge – so this is a Windows 11 update you definitely want to install ASAP. 

This update was rolled out on Microsoft’s Patch Tuesday (the second Tuesday of every month), a monthly update when Microsoft releases security updates. 

Three of these were classed as ‘critical’ vulnerabilities, meaning that Microsoft saw them as posing a particularly hefty risk to users. According to Bleeping Computer, more than half of the RCE vulnerabilities were found in Microsoft SQL drivers; essential software components that facilitate communication between Microsoft apps and its servers, leading to speculation that the SQL drivers share a common flaw that is being exploited by malicious users. 

The three vulnerabilities classed as ‘critical’ had to do with Windows Defender, ironically an app designed by Microsoft to protect users from online threats. 

Windows Defender extension for Chrome

(Image credit: Future)

A possibly record-setting update

KrebsonSecurity, a security news site, claims that this security update sets a record for the number of Windows 11 issues addressed, making it the largest update Microsoft has released this year (so far) and the largest released since 2017. 

The number of bugs is broken down as follows:

  • 31 Elevation of Privilege Vulnerabilities
  • 29 Security Feature Bypass Vulnerabilities
  • 67 Remote Code Execution Vulnerabilities
  • 13 Information Disclosure Vulnerabilities
  • 7 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities

These spanned across several apps and functionalities, including Microsoft Office apps, Bitlocker, Windows Defender, Azure, and more. 

Two zero-day loopholes that were cause for concern

Two zero-day vulnerabilities were also addressed by Microsoft in April’s Patch Tuesday update, and apparently, they have been exploited in malware attacks. Zero-day vulnerabilities are flaws in software that potentially harmful actors find and possibly exploit before the software’s developers discover it. The zero refers to the proverbial buffer of time that developers have in terms of urgency to develop a patch to address the issue. 

Microsoft hasn’t said whether the zero-day flaws were being actively exploited, but this information was shared by Sophos (a software and hardware company) and Trend Micro (a cybersecurity platform). 

One of these has been labeled CVE-2024-26234 by Microsoft, and it’s been classed as a Proxy Drive Spoofing Vulnerability. The other, CVE-2024-29988, was classed as a SmartScreen Prompt Security Feature Bypass Vulnerability.

You can see the full list of vulnerabilities in a report by Bleeping Computer. Mashable points to the fact that Windows necessitates such a vast number of patches and changes because Windows is used as the operating system on different manufacturers’ machines and has to constantly keep up with accommodating a variety of hardware configurations.   

Some users might find Windows 11’s need for frequent updates annoying, which could lead them to consider alternative operating systems like macOS. If you’re sticking with Windows 11, KrebsonSecurity recommends that you back up your computer’s data before installing the update. I’m glad Microsoft continues to address bugs and security risks in Windows 11, even if that does mean we’re nagged to update the OS more than some of its competitors, and I would urge users to make sure that they install this update, which you can do through Windows Update if your PC hasn’t started this process already. 

YOU MIGHT ALSO LIKE…

TechRadar – All the latest technology news

Read More

WhatsApp’s new security label will let you know if future third-party chats are safe

WhatsApp is currently testing a new in-app label letting you know whether or not a chat room has end-to-end encryption (E2EE).

WABetaInfo discovered the caption in the latest Android beta. According to the publication, it’ll appear underneath the contact and group name but only if the conversation is encrypted by the company’s “Signal Protocol” (Not to be confused with the Signal messaging app; the two are different.) The line is meant to serve as a “visual confirmation” informing everyone that outside forces cannot read what they’re talking about or listen to phone calls. WABetaInfo adds that the text will disappear after a few seconds, allowing the Last Seen indicator to take its place. At this moment, it’s unknown if the two lines will change back and forth or if Last Seen will permanently take the E2EE label’s place.

This may not seem like a big deal since it’s just four words with a lock icon. However, this small change is important because it indicates Meta is willing to embrace third-party interoperability.

See more

Third-party compatibility

On March 6, the tech giant published a report on its Engineering at Meta blog detailing how interoperability will work in Europe. The EU passed the Digital Markets Act in 2022 which, among other things, implemented new rules forcing major messaging platforms to let users communicate with third-party services. 

Meta’s post gets into the weeds explaining how interoperability will work. The main takeaway is the company wants partners to use their Signal Protocol. The standard serves as the basis for E2EE on WhatsApp and Messenger, so they want everyone to be on the same playing field.

Other services don’t have to use Signal. They can use their compatible protocols, although they must demonstrate they offer “the same security guarantees”. 

The wording here is pretty cut and dry: if a service doesn’t have the same level of protection, then WhatsApp won’t communicate with it. However, the beta suggests Meta is willing to be flexible. They may not completely shut out non-Signal-compliant platforms. At the very least, the company will inform its users that certain chat rooms may not be as well protected as the ones with E2EE enabled.

Interested Android owners can install the update from the Google Play Beta Program although there is a chance you may not receive the feature. WABetaInfo states it’s only available to a handful of testers. No word if WhatsApp on iOS will see the same patch.

While we have you, be sure to join TechRadar's official WhatsApp channel to get all the latest reviews on your phone.

You might also like

TechRadar – All the latest technology news

Read More

Another big reason to install iOS 17.4 right now – it fixes two major security threats

Apple has just launched iOS 17.4, and right now everyone’s attention is focused on how it lets you run third-party app stores on your iPhone – although only if you're in the European Union. But there’s another important reason you should upgrade: it fixes two extremely serious security flaws.

In a new security post (via BleepingComputer), Apple says that iOS 17.4 and iPadOS 17.4 resolve two zero-day bugs in the iOS kernel and Apple’s RTKit that might allow an attacker to bypass your device’s kernel memory protections. That could potentially give malicious actors very high-level access to your device, so it’s imperative that you patch your iPhone as soon as possible by opening the Settings app, going to General > Software Update and following the on-screen instructions.

These issues are not just hypothetical; Apple says it is “aware of a report that this issue may have been exploited” in both cases, and if a zero-day flaw has been actively exploited it means hackers have been able to take advantage of these issues without anyone knowing. With that in mind, there’s every reason to update your device now that Apple has issued a set of fixes.

Apple says the bugs affect a wide range of devices: the iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later. In other words, a lot of people are potentially impacted.

Actively exploited

holding an iphone

(Image credit: Shutterstock)

Zero-day flaws like these are usually exploited in targeted attacks, often by sophisticated state-sponsored groups. Apple didn’t share any details of how or when these vulnerabilities were put to nefarious use, nor whether they were discovered by Apple’s own security teams or by external researchers.

Apple devices are known for their strong defenses, but are increasingly falling under hackers’ crosshairs. Recent research suggests that there were 20 active zero-day flaws targeting Apple products in 2023 – double the number of the previous year. According to BleepingComputer, three zero-day attacks on Apple devices have been patched so far in 2024.

This kind of exploit demonstrates why it’s so important to keep all of your devices updated with the latest patches, especially if they include security fixes. Leaving yourself vulnerable is a dangerous gamble when there are extremely sophisticated hacking groups out there in the wild. With that in mind, make sure you download the latest iOS 17.4 update as soon as you can.

You might also like

TechRadar – All the latest technology news

Read More