Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
APPLE-SA-2010-07-19-1 iTunes 9.2.1
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2010-07-19-1 iTunes 9.2.1



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2010-07-19-1 iTunes 9.2.1

iTunes 9.2.1 is now available and addresses the following:

iTunes
CVE-ID:  CVE-2010-1777
Available for:  Mac OS X v10.4.11 or later, Windows 7,
Vista, XP SP2 or later
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow exists in the handling of "itpc:"
URLs. Accessing a maliciously crafted "itpc:" URL may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. Credit to Clint
Ruoho of Laconic Security for reporting this issue.


iTunes 9.2.1 may be obtained from:
http://www.apple.com/itunes/download/

For Mac OS X:
The download file is named: "iTunes9.2.1.dmg"
Its SHA-1 digest is: adc7ca871aace3361575dd78e0f69bcbeca186c8

For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: fd86e82bc52dd5a22d922aedf2a6063c224ca48c

For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: 461d9cb0053d74f8b8d1804be3d4c50176a6036d

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

iQEcBAEBAgAGBQJMSMjLAAoJEGnF2JsdZQeeOgwH/RA4GkqY34VXbnbEpA1BBJQd
pEzH4B0gK0MckKuxxyp8vLXXdAxJAliivym/ZiRuD3Kh+3NRajCXd7JqDE9ubAyA
DayXOqfmIxYYIZwYtg5xq+5S+hprg9zJehauvJuwQafQihH00V9EqsFBM5TLr7zY
bZFDGHs+UpH4nDS/nCpjNNEnxIzllbjSPlDqhlKJTRn8K4AxKaa1Jy8Wz0/e89eD
77JNfoeeQFQG8sTwIFDCALTLFAYtPh7VL//G+3zffbpGt2u822RrGkt0eFPT0mkX
jYgxzkD1u4LpVqTbL9lrbLa1DqqlaKckFN0kX6/pMIXabj0Hcy38AS5oarAqST8=
=CIrZ
-----END PGP SIGNATURE-----

_______________________________________________
Do not post admin requests to the list. They will be ignored. Security-announce mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: This email sent to email@hidden


Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2011 Apple Inc. All rights reserved.