Apple last week updated its iTunes software to version 12.6 for its macOS products as well as Windows devices, in both cases fixing the same 17 vulnerabilities.
Seven of the flaws were categorized as issues existing in SQLite, which were addressed by updating the in-process library to version 3.15.2. The other ten were classified as issues in the Expat XML parser, which were resolved by updating expat to version 2.2.0.
A full list of the vulnerabilities is available via Apple's security update notifications for iTunes 12.6 for macOS (v10.9.5 and later) and iTunes 12.6 for Windows (Windows 7 and later).