Changes
Updated to ITunes 10.1, Application Support 1.4, Mobile Device Drivers 3.3.0.69
* Apple is known to sometimes modify the setup packages of their programs even at minor version changes, so do not blindly assume that a new ITunes installer will work the same way as the old one did!
* '''Warning''': The version of Quicktime that is bundled with ITunes is '''not''' necessarily the newest version available and may contain known security flaws. For example ITunes 9.2.1.5 contained Quicktime 7.66, although Quicktime 7.67 had already been released since weeks at that time. Quicktime 7.66 has a highly critical security flaw that allows for remote execution of arbitrary code, simply by visiting a webpage ([http://secunia.com/advisories/40729 secunia.com]). If you encounter such a scenario, you will have to download the standalone Quicktime installer from Apple and extract the file QuickTime.msi from there. Alternatively you can use the minimal ITunes installation method below, which removes the Quicktime browser plugin and thereby mitigates the attack surface.
* There is a 64bit version of ITunes available too. As of version 10.0.1.22 0.54 the 64bit installer contains 64bit versions of ITunes itself and Apple Mobile Device Support and 32bit versions of Quicktime and Apple Application Support. If you have The package definition definitions for the 64bit versions feel free to add them to look basically the wikisame as below, just the paths and GUIDs are different.
= Full ITunes installation 10.0.1.22 0.54 =
''If you update this code, please remember the GUIDs change on each new version installed!''
<source lang="xml">
<?xml version="1.0" encoding="UTF-8"?>
<package id='appleapplicationsupport' name='Apple Application Support' revision='1.34.20' reboot='false' priority='1'> <check type='registry' condition='equals' path='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DAEAFD6817424F35-BB4A8B77-45074ADF-A241BC63-C8804D2EA66DBF9B81418539}\DisplayVersion' value='1.34.20' />
<install cmd='msiexec /i "%SOFTWARE%\itunes\AppleApplicationSupport.msi" /passive /norestart' timeout='300'>
</upgrade>
<remove cmd='msiexec /x {DAEAFD6817424F35-BB4A8B77-45074ADF-A241BC63-C8804D2EA66DBF9B81418539} /passive /norestart' timeout='300'>
<exit code='0' />
<exit code='1605' />
</remove>
</package>
<package id='applemobilesupport' name='Apple Mobile Device Support' revision='3.23.0.4769' reboot='false' priority='1'> <check type='registry' condition='equals' path='HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CCA1EEA3308B6AEA-555EDE50-4D054666-AC46996D-4B49C6C5D8870FA461719D6B}\DisplayVersion' value='3.23.0.4769' />
<install cmd='msiexec /i "%SOFTWARE%\itunes\AppleMobileDeviceSupport.msi" /passive /norestart' timeout='300'>
<exit code='3010' reboot='postponed' />
</upgrade>
<remove cmd='msiexec /x {CCA1EEA3308B6AEA-555EDE50-4D054666-AC46996D-4B49C6C5D8870FA461719D6B} /passive /norestart' timeout='300'>
<exit code='0' />
<exit code='1605' />
</remove>
</package>
<package id='itunes' name='Apple iTunes' revision='10.0.1.220.54' reboot='false' priority='1'>
<depends package-id='appleapplicationsupport' />
<depends package-id='quicktime' />
<check type='uninstall' condition='exists' path='iTunes' />
<check type='file' condition='versiongreaterorequal' path='%PROGRAMFILES%\iTunes\iTunes.exe' value='10.0.1.220.54' />
<install cmd='msiexec.exe /i "%SOFTWARE%\itunes\iTunes.msi" SCHEDULE_ASUW=0 /passive /norestart' timeout='300'>
<upgrade cmd='reg add "HKLM\SOFTWARE\Apple Computer, Inc.\iTunes\Parental Controls\Default" /v "AdminFlags" /t REG_DWORD /d "0x101" /f' timeout='60' />
<remove cmd='msiexec.exe /x {2CE5A2E7E8843212-3437F0FC-4CE74C3B-BCF4BFF3-85ED6EEFF9E4D51829CB4F19} /passive /norestart' timeout='300'>
<exit code='0' />
<exit code='1605' />
</source>
= Minimal ITunes installation 10.0.1.22 0.54 =
The goal of this setup is to get
# a working installation of ITunes which allows you to activate, backup and sync an IPhone or Ipod, download and install new iOS versions and optionally get songs/apps from the Apple Store,
=== Quicktime ===
* Open QuickTime.msi with Orca, select ''New Transform'' from the main menu.
* Edit the table ''FeatureComponents'' and drop the component ''QuickTimeEssentials.qtx''. This gets rid of the installation of the Quicktime Firefox plugin. The rationale behind this is that the Quicktime plugin is of almost no use anymore because hardly anyone except Apple embeds Quicktime media files into websites. However nowadays one of the main attack vectors and primary source of drive-by installs are security holes in webbrowser plugins (for example the most recent installer of ITunes as of September 2010 contains 10.0 contained a Quicktime version that has two known and highly critical security holes [http://secunia.com/advisories/41123/ #1] [http://secunia.com/advisories/41213/ #2]). Therefore it is strongly advisable to install as few plugins as possible.
* Drop the condition ''NOT BNEWERPRODUCTISINSTALLED'' from the ''LaunchCondition'' table. This allows you the roll out the MSI via WPKG even if the user already installed a newer version of Quicktime manually.
* Click ''Generate Transform'' and save the resulting file into the same folder as the MSI.
<source lang="xml">
<?xml version="1.0" encoding="UTF-8"?>
<package id='itunes' name='Apple iTunes' revision='10.0.1.220.54' reboot='false' priority='1'>
<depends package-id='appleapplication' />
<depends package-id='quicktime' />
<check type='uninstall' condition='exists' path='iTunes' />
<check type='file' condition='versiongreaterorequal' path='%PROGRAMFILES%\iTunes\iTunes.exe' value='10.0.1.220.54' />
<!-- DESKTOP_SHORTCUTS=0: Don't create desktop shortcuts
<upgrade cmd='reg add "HKLM\SOFTWARE\Apple Computer, Inc.\iTunes\Parental Controls\Default" /v "AdminFlags" /t REG_DWORD /d "0x101" /f' timeout='60' />
<remove cmd='msiexec.exe /x {2CE5A2E7E8843212-3437F0FC-4CE74C3B-BCF4BFF3-85ED6EEFF9E4D51829CB4F19} /passive /norestart' timeout='300'>
<exit code='0' />
<exit code='1605' />