site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-04-18-1 iTunes 10.2.2 iTunes 10.2.2 is now available and addresses the following: WebKit Available for: Windows 7, Vista, XP SP2 or later Impact: A man-in-the-middle attack may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues exist in WebKit. A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution. CVE-ID CVE-2011-1290 : Vincenzo Iozzo, Willem Pinckaers, Ralf-Philipp Weinmann, and an anonymous researcher working with TippingPoint's Zero Day Initiative CVE-2011-1344 : Vupen Security working with TippingPoint's Zero Day Initiative, and Martin Barbella iTunes 10.2.2 may be obtained from: http://www.apple.com/itunes/download/ For Mac OS X: The download file is named: "iTunes10.2.2.dmg" Its SHA-1 digest is: 7b94065174927dbce71182c89a00b3966021ceb8 For Windows XP / Vista / Windows 7: The download file is named: "iTunesSetup.exe" Its SHA-1 digest is: 30c97f21cb7ec9921b80c7dfd3a9f460b6746045 For 64-bit Windows XP / Vista / Windows 7: The download file is named: "iTunes64Setup.exe" Its SHA-1 digest is: 10d04b03e9733827e69a20bcf46f5e7ea97e0cd3 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iQEcBAEBAgAGBQJNrGo/AAoJEGnF2JsdZQeeKf0H/2PRqBD4DJdyLvpcTu6x8QD1 TY+SkHSJFK8H3G48fBL45QSM0eFg9FoqQ0DX0Y89X3HPYeWnRxPOQsCyeYV9BaS0 6dYL16OmW0f1kvals0NHGFvFLNd7AFVgxE7Ujr0xsSl8HwrUpwLpF8Qf4lDzbOWo CL9O6nnvR5BipT4fCnh8KWq4RvGbd/VaGqkGuYXE898SYEbcp8LJr1McYh2S3P1l EZzj2p2Z+CJTaka/fyfsl6NgG7g6wpqCcwnqHAxPqixIc5V9ZqSIM7ZI5GkdrZF0 qYY+9tSXdgJqA1oIPE/odOkdh7+qoEqmAJ2eaWRmUvaBBYS0rxKghO3ovU2LEDs= =Hy4U -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com