Apple recently released version 9.2 of its iTunes media player. This version includes fixes for several vulnerabilities on the Windows platform:
- CVE-2009-1726: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution.
- CVE-2010-1411: Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution.
- CVE-2010-0544, CVE-2010-1119, CVE-2010-1387, CVE-2010-1390, CVE-2010-1392, CVE-2010-1393, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1749, CVE-2010-1758, CVE-2010-1759, CVE-2010-1761, CVE-2010-1763, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771 and CVE-2010-1774: Multiple vulnerabilities in WebKit, which is a framework providing a set of core classes to display Web content in windows and implement features such as following links clicked by the user.
Updating has the adverse effect of causing iTunes no longer to remember its window position. In other words, wherever the window was located when the application was last closed, iTunes always opens at the centre of the desktop. This issue occurs on Windows XP as well as on Windows 7. My guess is that one of the WebKit fixes causes the problem.
Do you know of a fix for this bug, or do you have other information you would like to share? Please post your comments!