Your music, movies, TV shows, apps, and more. The best way to follow your favorite artists and friends — and discover the music they’re talking about, listening to, and downloading. iTunes is home to everything that entertains you.

Features:

Forget rifling through stacks of CDs or flipping through channels. iTunes puts your entire music and video collection a mere click away, giving you an all-access pass to thousands of hours of digital entertainment. Browse. Organize. Play. All from your Mac or PC.

View your library by artist, album, episode, year, rating — any way you want. Find what you’re looking for with a quick search that reveals results as you type.

Turn CDs into digital music by importing them to iTunes. Organize your entire collection with custom playlists.

Shuffle songs to mix up your groove. Listen to music from other computers on your network. Play video using onscreen controls.

iTunes can also be used to sync your content on your iPod, iPhone, and other Apple devices.

iTunes for Android

Although there is no iTunes for Android app from Apple, Apple Music has the same functionality you would expect from an iTunes app. You can use the Apple Music for Android app to access your iTunes library from your Android device.

What's New:

Mobile Device Service

  • Available for: Windows 7 and later
  • Impact: A user may gain access to protected parts of the file system
  • Description: The issue was addressed with improved permissions logic.
  • CVE-2020-3861: Andrea Pierini (@decoder_it), Christian Danieli (@padovah4ck)

libxslt

  • Available for: Windows 7 and later
  • Impact: A remote attacker may be able to view sensitive information
  • Description: A stack overflow was addressed with improved input validation.
  • CVE-2019-13118: found by OSS-Fuzz

WebKit

  • Available for: Windows 7 and later
  • Impact: Processing maliciously crafted web content may lead to universal cross site scripting
  • Description: A logic issue was addressed with improved state management.
  • CVE-2019-8658: akayn working with Trend Micro's Zero Day Initiative

WebKit

  • Available for: Windows 7 and later
  • Impact: Processing maliciously crafted web content may lead to universal cross site scripting
  • Description: A logic issue existed in the handling of document loads. This issue was addressed with improved state management.
  • CVE-2019-8690: Sergei Glazunov of Google Project Zero

WebKit

  • Available for: Windows 7 and later
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: Multiple memory corruption issues were addressed with improved memory handling.
  • CVE-2019-8644: G. Geshev working with Trend Micro's Zero Day Initiative
  • CVE-2019-8666: Zongming Wang (王宗明) and Zhe Jin (金哲) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd.
  • CVE-2019-8669: akayn working with Trend Micro's Zero Day Initiative
  • CVE-2019-8671: Apple
  • CVE-2019-8672: Samuel Groß of Google Project Zero
  • CVE-2019-8673: Soyeon Park and Wen Xu of SSLab at Georgia Tech
  • CVE-2019-8676: Soyeon Park and Wen Xu of SSLab at Georgia Tech
  • CVE-2019-8677: Jihui Lu of Tencent KeenLab
  • CVE-2019-8678: an anonymous researcher, Anthony Lai (@darkfloyd1014) of Knownsec, Ken Wong (@wwkenwong) of VXRL, Jeonghoon Shin (@singi21a) of Theori, Johnny Yu (@straight_blast) of VX Browser Exploitation Group, Chris Chan (@dr4g0nfl4me) of VX Browser Exploitation Group, Phil Mok (@shadyhamsters) of VX Browser Exploitation Group, Alan Ho (@alan_h0) of Knownsec, Byron Wai of VX Browser Exploitation
  • CVE-2019-8679: Jihui Lu of Tencent KeenLab
  • CVE-2019-8680: Jihui Lu of Tencent KeenLab
  • CVE-2019-8681: G. Geshev working with Trend Micro Zero Day Initiative
  • CVE-2019-8683: lokihardt of Google Project Zero
  • CVE-2019-8684: lokihardt of Google Project Zero
  • CVE-2019-8685: akayn, Dongzhuo Zhao working with ADLab of Venustech, Ken Wong (@wwkenwong) of VXRL, Anthony Lai (@darkfloyd1014) of VXRL, and Eric Lung (@Khlung1) of VXRL
  • CVE-2019-8686: G. Geshev working with Trend Micro's Zero Day Initiative
  • CVE-2019-8687: Apple
  • CVE-2019-8688: Insu Yun of SSLab at Georgia Tech
  • CVE-2019-8689: lokihardt of Google Project Zero

WebKit

  • Available for: Windows 7 and later
  • Impact: Processing maliciously crafted web content may lead to universal cross site scripting
  • Description: A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management.
  • CVE-2019-8649: Sergei Glazunov of Google Project Zero