News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Update for iTunes for Windows

    Home Forums AskWoody blog Update for iTunes for Windows

    This topic contains 36 replies, has 12 voices, and was last updated by  Rick Corbett 1 month, 3 weeks ago.

    • Author
      Posts
    • #1979624 Reply

      woody
      Da Boss

      Just in from Nathan: Use iTunes for Windows? Update Now! Apple recently released an update for Bonjour for Windows which is installed with iTunes for
      [See the full post at: Update for iTunes for Windows]

    • #1979643 Reply

      b
      AskWoody Plus

      The originating researchers were apparently incorrect to label the insecure component as Bonjour:

      10/11/19 Update: During revalidation of the exploit, and as we continue to work with Apple on further vulnerabilities that have yet to be patched or announced, we observed that the abused vulnerability relates specifically to an Apple Software Update component that is not associated with Bonjour.

      https://blog.morphisec.com/apple-zero-day-exploited-in-bitpaymer-campaign

      It might help if someone could track down the official downloads for the required updates (iTunes 12.10.1 for Windows, iCloud 7.14 for Windows 7 and iCloud 10.7 for Windows 10).
      I tried but had to give up:
      BitPaymer ransomware spotted abusing iTunes for Windows bug to bypass antivirus

      It beats me how Apple can list 18 years worth of software updates without any links to the actual updates, even from the relevant support documents: Apple security updates

      Windows 10 Version 1909 (Group ASAP)

      1 user thanked author for this post.
    • #1979648 Reply

      Alex5723
      AskWoody Plus

      It beats me how Apple can list 18 years worth of software updates without any links to the actual updates,

      There is no direct download for iTunes anymore, only from Microsoft’s store.
      You can download iCloud from here : https://support.apple.com/en-il/HT204283
      You can just open iTunes and check for updates and then save the downloads/update directly (iTunes, iCloud).
      Latest iTunes can be downloaded from MajorGeeks : https://www.majorgeeks.com/files/details/itunes.html

      2 users thanked author for this post.
      • #1979708 Reply

        anonymous

        I had no trouble finding the itunes download page using google.  Scroll past the the Windows Store verbiage until you see Looking for other versions? then click the Windows> link.  On the resulting page click Download iTunes for Windows now (64-bit).  A link for the 32-bit version is right below.  The download is for iTunes 12.10.1.4 as I write this.  You can find lots of other downloads here.

         

        1 user thanked author for this post.
        • #1979721 Reply

          b
          AskWoody Plus

          Thanks. But should a Google search, and then hoping that you found the fixed version, be necessary after viewing specific Apple security bulletins?

          It’s little wonder that people take their chances with ransomware when some companies make it this difficult to find the fixes that protect them.

          Windows 10 Version 1909 (Group ASAP)

    • #1979707 Reply

      deadite9
      AskWoody Plus

      It beats me how Apple can list 18 years worth of software updates without any links to the actual updates,

      There is no direct download for iTunes anymore, only from Microsoft’s store.
      You can download iCloud from here : https://support.apple.com/en-il/HT204283
      You can just open iTunes and check for updates and then save the downloads/update directly (iTunes, iCloud).
      Latest iTunes can be downloaded from MajorGeeks : https://www.majorgeeks.com/files/details/itunes.html

      This isn’t true. The dedicated iTunes page defaults to the MS Store redirect, but all you have to do is scroll down to just below where it lists the system requirements, where it says “Looking for other versions?”… there are links there for both macOS and Windows, with the Windows version being the old tried-and-true installer.

      Now I’m not saying that they don’t go out of their way to obfuscate it, but it’s definitely there for those that don’t want the “app” version.

       

      1 user thanked author for this post.
      b
      • #1979716 Reply

        b
        AskWoody Plus

        But you can’t confirm in either case which version number you’re downloading?

        And yet some people say that Microsoft makes updating confusing and difficult!

        Windows 10 Version 1909 (Group ASAP)

        • #1979722 Reply

          anonymous

          If no version number is specified, it’s “the latest.”  If you really care, you can right-click the exe after downloading it, select Properties, click the Details tab.

          For non-store versions, the default is for iTunes to automatically notify you that an update is available, and the store version (which doesn’t install bonjour) gets updated along with your other apps.  It’s really not much of a struggle for most of us.

    • #1979750 Reply

      Alex5723
      AskWoody Plus

      But should a Google search, and then hoping that you found the fixed version, be necessary after viewing specific Apple security bulletins?

      should a Google search be necessary when you can just check for update from within iTunes ?
      If you have iTunes installed why do you need to download 265MB of software ?

      • #1979759 Reply

        b
        AskWoody Plus

        Perhaps because running the built-in software updater may not be ideal when it’s just been discovered that the built-in software updater caused ransomware to be applied and it’s the built-in software updater that you’re trying to fix?

        Windows 10 Version 1909 (Group ASAP)

        • #1979783 Reply

          anonymous

          Should I be worried if I’ve already installed the updates via the automatic iTunes updater, then? iTunes is now at version 12.10.1.4, while Apple Software Update is at version 2.6.3.1.

    • #1979775 Reply

      DrBonzo
      AskWoody Plus

      So if I’m reading this right, the vulnerability was originally thought to be in Bonjour, but is now thought to be in the Apple Software Update program. Am I correct in assuming that if I download the new iTunes version that the Apple Software Update program will be fixed?

      I’m dealing with a Win 7 computer whose owner/user claims iTunes has never been installed on it. I can’t find iTunes so I tend to agree. But, I do find Bonjour 3.1.0.1 in Program Data\Apple\Installer Cache and also something just called Bonjour in Windows\Installer. I’m thinking Bonjour 3.1.0.1 is a Bonjour installer and not Bonjour itself. I don’t see any Bonjour in the Control Panel so I can’t uninstall it from there.

      My overarching question(s) are is the computer safe? Should I download and install the latest iTunes patch just to be sure?

      Thanks for any feedback.

      1 user thanked author for this post.
      • #1979781 Reply

        b
        AskWoody Plus

        So if I’m reading this right, the vulnerability was originally thought to be in Bonjour, but is now thought to be in the Apple Software Update program. Am I correct in assuming that if I download the new iTunes version that the Apple Software Update program will be fixed?

        I believe that’s correct.

        I’m dealing with a Win 7 computer whose owner/user claims iTunes has never been installed on it. I can’t find iTunes so I tend to agree. But, I do find Bonjour 3.1.0.1 in Program Data\Apple\Installer Cache and also something just called Bonjour in Windows\Installer. I’m thinking Bonjour 3.1.0.1 is a Bonjour installer and not Bonjour itself. I don’t see any Bonjour in the Control Panel so I can’t uninstall it from there.

        I think we should all forget that Bonjour was ever mentioned in relation to this vulnerability. The security company who found the issue while investigating ransomware infections made a mistake in using that name. It’s Apple Software Update that is the problem and needs to be updated. And that is apparently left behind even after iTunes or iCloud have been uninstalled.

        My overarching question(s) are is the computer safe? Should I download and install the latest iTunes patch just to be sure?

        Thanks for any feedback.

        I would check for Apple Software Update in installed programs and remove it if not needed.

        Windows 10 Version 1909 (Group ASAP)

        2 users thanked author for this post.
        • #1979796 Reply

          DrBonzo
          AskWoody Plus

          @b – Thanks. It wasn’t clear to me whether they had simply used the wrong name or whether they had reevaluated their findings. I’d be happy to forget about Bonjour. I’ll try uninstalling The Apple Software Updater next time I get access to that computer.

          1 user thanked author for this post.
          b
      • #1979876 Reply

        warrenrumak
        AskWoody Plus

        A bunch of other software vendors have used Bonjour, too.

        A few prominent examples are Adobe Creative Suite (version 3 only), SolidWorks, and Dragon Remote Microphone.

         

    • #1979808 Reply

      anonymous

      ? says:

      maybe look at this page:

      Apple security updates October 2019

      it speaks about “UIFoundation and WebKit.”

      or on apple security:

      https://support.apple.com/en-il/HT210635.

      i disable lots of itunes stuff (with autoruns) including bonjour and software updater which i run the exe from program files and put the autostarts to manual…

    • #1979832 Reply

      b
      AskWoody Plus

      BleepingComputer.com has a useful summary (because it addresses Apple Software Update and doesn’t mention the Bonjour red herring):

      Apple Software Update Zero-Day Used by BitPaymer Ransomware

      Windows 10 Version 1909 (Group ASAP)

      1 user thanked author for this post.
      • #1979858 Reply

        OscarCP
        AskWoody Plus

        There is a newer version of “Apple Software Update” I have found exists (V 2.2, at least newer than the 2.1… now installed in my PC), but the bleepingcomputer article, or anything else I have found by looking around in the Web, gives no actual  indication of how to get the latest version (2.2 or whatever). This is really frustrating.

        Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

        1 user thanked author for this post.
        • #1979874 Reply

          b
          AskWoody Plus

          The latest version of Apple Software Update is 2.6.3.1 which has a file date of 9/4/2019.

          (I had to install the latest version of iTunes for Windows to discover this for certain.)

          Windows 10 Version 1909 (Group ASAP)

          1 user thanked author for this post.
    • #1979868 Reply

      anonymous

      From what I understand is that the attacker needs ‘physical’ access to a Windows computer to implement the infection. That could be done via the already buggy RDP-protocol, for which they use a brute force attack. So guess that there is no need for panic as long as you don’t expose your (unpatched) iTunes Windows computer 24/7 to the wild world of internet and/or let doubtfull persons play with your pc without observing them…

      2 users thanked author for this post.
    • #1979881 Reply

      Nathan Parker
      AskWoody_MVP

      I’ve done some digging into this, and here’s some additional info:

      • It is correct that the security vulnerability is with Apple Software Update, not Bonjour for Windows. That has been incorrectly stated in the news. The vulnerability is with Apple’s particular software updater.
      • There doesn’t seem to be a separate update just to update Apple Software Update to a version that resolves the security vulnerability (in the past, Apple has released standalone updates for Apple Software Update for Windows. They are not doing so in this instance. To get the update or updates that patch the issue, users need to install iTunes for Windows 12.10.1, iCloud for Windows 7.14 (Windows 7), or iCloud for Windows 10.7 (Windows 10).
      • Here are the installers. I recommend running these manually versus updating through Apple Software Update, just to be on the safe side. iTunes for Windows. iCloud for Windows.
      • Here’s an article on Apple Software Update for Windows just for those who need to know more about it.

       

      Nathan Parker

      2 users thanked author for this post.
      • #1979892 Reply

        anonymous

        ? says:

        thank you, Nathan P. for the info. i updated to v12.10.1-4. my updater is now v2.6.3.1. Ghacks has an article on removing some of the iTunes components if so desired:

        https://www.ghacks.net/2017/06/12/how-to-remove-extra-itunes-components-on-windows/

        i simply disable theApple Software Updater, and edit the trigger (disable) in the Task Scheduler, turn off (disable) the Bonjour (mDNSResponder.exe), disable the autostart iTunesHelper.exe and set Apple Mobile Device Support and iPod Service to manual.

      • #1979915 Reply

        James Bond 007
        AskWoody Lounger

        I’ve done some digging into this, and here’s some additional info:

        • It is correct that the security vulnerability is with Apple Software Update, not Bonjour for Windows. That has been incorrectly stated in the news. The vulnerability is with Apple’s particular software updater.
        • There doesn’t seem to be a separate update just to update Apple Software Update to a version that resolves the security vulnerability (in the past, Apple has released standalone updates for Apple Software Update for Windows. They are not doing so in this instance. To get the update or updates that patch the issue, users need to install iTunes for Windows 12.10.1, iCloud for Windows 7.14 (Windows 7), or iCloud for Windows 10.7 (Windows 10).
        • Here are the installers. I recommend running these manually versus updating through Apple Software Update, just to be on the safe side. iTunes for Windows. iCloud for Windows.
        • Here’s an article on Apple Software Update for Windows just for those who need to know more about it.

         

        After you downloaded the iTunes 10.12.1 installer, you can extract its contents by using a decompression program like 7-Zip. Then you can just run AppleSoftwareUpdate.msi to update Apple Software Update to version 2.6.3 which supposedly should fix the Apple Software Update vulnerability.

        I uninstalled the original Apple Software Update using Control Panel and then installed this version directly without installing iTunes 10.12.1, and it seems to work afterwards.

        Hope for the best. Prepare for the worst.

        4 users thanked author for this post.
        • #1979943 Reply

          Rick Corbett
          AskWoody_MVP

          @james-bond-007… what a helpful tip! I did exactly what you suggested, choosing Repair:

          Apple_Software_Update

          Even on my clonky old Win 7 PC the ‘repair’ took less than 5 seconds and didn’t require a reboot.

          The only problem is that – even though I downloaded a fresh iTunes installer directly from the Apple website – the AppleSoftwareUpdate.msi is only v2.6.3.1!

          Thank you!

          Attachments:
          1 user thanked author for this post.
          • #1980013 Reply

            OscarCP
            AskWoody Plus

            Rick Corbett: I have earlier used the “Repair” option, but ended with the same old version of “Apple Software Update” (ASU) I stated with.

            So one may need to follow the complete procedure: uninstall the old iTunes, then install iTunes 12.10.1 (or maybe installing the latter is all that is needed?), then Repair the ASU. Assuming one wants to keep any Apple stuff for Windows 7, that is.

            Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

            • #1980015 Reply

              Rick Corbett
              AskWoody_MVP

              @oscarcp – The thing is, the AppleSoftwareUpdate.msi DID carry out the update as expected (‘cos I compared the program version and install date before and after running in the newer MSI)… so I’m fairly confident that the update mechanism is working fine.

              I hate iTunes for Windows, especially having to do the same round on un-install, re-boot, re-install, reboot on multiple PCs belonging to family and friends… so this quick and simple method seems ideal… if only Apple had included the latest version. 🙂

          • #1980014 Reply

            Rick Corbett
            AskWoody_MVP

            Well, I downloaded it again (again from Apple), checking that the iTunes installer was in fact v12.10.1.4… it is. The AppleSoftwareUpdate.msi is definitely only v2.6.3.1, not v2.6.3.3. 🙁

            • #1980050 Reply

              Rick Corbett
              AskWoody_MVP

              Just for completeness, I also downloaded iCloud 7.14 for Windows 7 directly from Apple and unpacked the installer only to find that AppleSoftwareUpdate.msi is only v2.6.3.1.

              So, as an experiment I downloaded iCloud for Windows 10 directly from Apple and unpacked it. Once again, AppleSoftwareUpdate.msi is only v2.6.3.1. I installed it (the laptop had never has iCloud installed on it previously) and the program version is identical to iCloud for Windows 7, i.e. v7.14.0.29… so I’m not clear where ‘iCloud 10.7 for Windows 10’ in previous posts came from.

              Anyway, long story short, @james-bond-007‘s method was by far the quickest and easiest to update to the latest version, although I think v2.6.3.3 for AppleSoftwareUpdate.msi was a typo. I’d love to see a screenshot to prove me wrong. 🙂

    • #1979895 Reply

      OscarCP
      AskWoody Plus

      It just occurred to me that: (a) I am not really using Windows 7 that much any more, and (b) I have iTunes up to date in the Mac. The problem seems to be restricted to the Windows version of the Apple Software Updater. So, if I simply uninstall both this Updater and the old version of iTunes in Windows, is that going, somehow, to have unintended negative consequences, beyond the intended one of not having this Apple software anymore there? I don’t believe that I have anything else from Apple in my Windows PC.

      Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

      • #1979898 Reply

        anonymous

        ? says:

        OscarCP, i’ve uninstalled iTunes before and used RevoUninstaller in advanced mode to clean up most of it. you can look in Program Files and also the registry after if you desire…

    • #1979916 Reply

      OscarCP
      AskWoody Plus

      Anonymous, Thanks, I think your prescription for obliterating these two bits of Apple software, if applied, should leave no even the tiniest of traces of them on my HD.

      Now, my question was not really so much about “how to do that”, but more about “if I did that, what could happen then”? After I have uninstalled “Apple Software Updater” and iTunes (the only Apple software I know to be installed in my Windows 7 PC) could something both unintended and really bad happen? Besides, of course, not having ASU and iTunes to kick around anymore. But that would be both OK by me and fully intended.

      Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

    • #1980032 Reply

      Mele20
      AskWoody Lounger

      To get the update or updates that patch the issue, users need to install iTunes for Windows 12.10.1, iCloud for Windows 7.14 (Windows 7), or iCloud for Windows 10.7 (Windows 10).

      Back in early April, my 1709 version of Windows 10 Pro went unsupported and I finally allowed Windows Updates to upgrade to a new version. I expected to get 1809 but Microsoft blackballed 1809 because of incompatible software and I ended up with 1803 meaning yet another upgrade next month…ugh.

      Anyhow, this thread is a bit late. I found Apple Updater, a number of hours BEFORE Woody’s post, popped up on my computer when I came back to it after being away for awhile and it said there were iCloud and iTunes updates. It didn’t say anything about why…I assumed they were ordinary updates. So, I allowed the updates. To my disappointment, I found Apple still has done nothing about the hard coding of iCloud to IE. (Yes, iCloud can be opened from various browsers, but most Windows users would open it from the systray and that makes it open in IE).

      I am a bit confused by your comment about what version of iCloud I should have. I have 7.14.0.29 on Windows 10 Pro version 1803 (I also have iCloud 7 on my older Windows 8.0 Pro computer). I first installed it Dec 2018 on Windows 10 1709 after I got my first smart phone (iPhone XR). I was a bit surprised that I had to use iCloud for Windows 7 but a Windows 10 user canNOT get iCloud from the Microsoft store UNLESS they have ver 18362.145 (1903). Plus, a GIGANTIC no-no for iCloud for Windows 10 is that, apparently, according to reviews on Microsoft store, it will NOT install on a Windows 10 machine that uses a LOCAL ACCOUNT. I will never use a Microsoft Windows account! (Possibly, the reviewers saying this do not realize you can use a Local Account for Windows 10 but also have a Microsoft Store account and be logged into it while on your Windows 10 Local Account. I hope this is the case as it would be awful if Microsoft chooses to block Windows 10 Local Account users from getting iCloud for Windows 10).

      iOS 13.1.2 as buggy as it is in many respects, fixed an irritating problem I had with iCloud 7 on my Windows 10 computer. I no longer have to wait several days for photos taken with the phone to download from iCloud to my computer. They download the moment the phone, after taking them, comes within range of my computer so instantaneous if I am sitting at the computer, pick up the phone and make a screenshot of something on the phone, or take a photo of my pet, etc. That’s great!

    • #1980040 Reply

      Alex5723
      AskWoody Plus

      could something both unintended and really bad happen?

      If you use an iPhone, iPad, iPod… you won’t be able to connect the devices to your Windows PC for local backup, music/movie sync, restore iOS/iPadOS from backup/iCloud…

      2 users thanked author for this post.
      • #1980412 Reply

        OscarCP
        AskWoody Plus

        Thanks. For me at least, none of that is going to be a problem.

        Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

    • #1980357 Reply

      Nathan Parker
      AskWoody_MVP

      I am a bit confused by your comment about what version of iCloud I should have. I have 7.14.0.29 on Windows 10 Pro version 1803 (I also have iCloud 7 on my older Windows 8.0 Pro computer).

      Apple mentioned that 7.14 is for Windows 7 and 10.7 is for Windows 10, but 10.7 is Microsoft Store only, so it’s not going to install for you in your case. If 7.14 works for you on your copy of Windows 10, I’d stick with it.

      Nathan Parker

      1 user thanked author for this post.
      • #1980418 Reply

        Rick Corbett
        AskWoody_MVP

        Ah, that explains where the v10.7 came from… the Microsoft Store. Nope, I won’t be using the Store version.

        For a start the Win32 version works for me in both Win 7 and Win 10 (plus the Win32 installer is 156Mb whilst the Store’s UWP version is 253MB… that’s quite some difference).

        iCloud_Win32

        iCloud_Store

        The main reason though were the reviews. I took the time to read them all. From the screenshot it appears that 4 out of 24 people gave the UWP version a 5-star rating.

        However, if you click on the ‘Show all’ link and read each review you’ll find that there’s not *one* 5-star rating at all. Overall the reviews were absolutely dreadful across the board.

        Attachments:
        1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Update for iTunes for Windows

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Cancel