[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2009-06-01-2 iTunes 8.2

Subject: APPLE-SA-2009-06-01-2 iTunes 8.2
From: Apple Product Security <email@hidden>
Date: Mon, 1 Jun 2009 13:13:37 -0700
Delivered-to: email@hidden
Delivered-to: email@hidden

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2009-06-01-2 iTunes 8.2

iTunes 8.2 is now available and addresses the following:

iTunes
CVE-ID:  CVE-2009-0950
Available for:  Mac OS X v10.4.10 or later,
Mac OS X Server v10.4.10 or later, Windows Vista, XP SP2
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  A stack buffer overflow exists in iTunes when parsing
"itms:" URLs. Accessing a maliciously crafted "itms:" URL may lead to
an unexpected application termination or arbitrary code execution.
This update addresses the issue through improved bounds checking.
Credit to Will Drewry for reporting this issue.


iTunes 8.2 may be obtained from:
http://www.apple.com/itunes/download/

For Mac OS X:
The download file is named: "iTunes8.2.dmg"
Its SHA-1 digest is: a07c4fb0dfd94ba238024cf8d448165da24e5be5

For Windows XP / Vista:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 16f5b1e787b36aece842ea5ae80bfc6bf2b32b19

For Windows Vista 64 Bit:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: b8739f847f2b66835f4f4b542b3308de96d418ed

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: 9.7.2.1608

wsBVAwUBSiQadXkodeiKZIkBAQj1rgf/R8+ZzEVsTXhj8vVCClxSanI3bqqKEQOo
xzkSPQTafOpnDjVywb+5o29TJfDisbzAoYU8RzdlSFBPx8mDdAKkhCiScGpR2/tQ
uBEq9D3OXCD2+NVbSCoLzjh230Hgi2qoz7HIzA4UC9KRxBZfyqFayGOZVg84JPsT
RKCfRHmF8twkY5xupTloOWfUa6DNH2hSbNxnQs4pSHxu+UQLRrwMUQaT6u5DD/ja
e35TA5zH9vnmf9aCH+Jze8syLhOl35rnNXoOC560EmzsfUpbhF28tor+VXLXK6v3
FApOQ039KoNTyR80Ya21Dz4SeCTzfLZQsxP9RxLwabxQdQd5JU+u/g==
=AqmT
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/security-announce/email@hidden

This email sent to email@hidden

Prev by Date: APPLE-SA-2009-06-01-1 QuickTime 7.6.2
Next by Date: APPLE-SA-2009-06-08-1 Safari 4.0
Previous by thread: APPLE-SA-2009-06-01-1 QuickTime 7.6.2
Next by thread: APPLE-SA-2009-06-08-1 Safari 4.0
Index(es):
- Date
- Thread

Home