site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2009-06-01-2 iTunes 8.2 iTunes 8.2 is now available and addresses the following: iTunes CVE-ID: CVE-2009-0950 Available for: Mac OS X v10.4.10 or later, Mac OS X Server v10.4.10 or later, Windows Vista, XP SP2 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow exists in iTunes when parsing "itms:" URLs. Accessing a maliciously crafted "itms:" URL may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Will Drewry for reporting this issue. iTunes 8.2 may be obtained from: http://www.apple.com/itunes/download/ For Mac OS X: The download file is named: "iTunes8.2.dmg" Its SHA-1 digest is: a07c4fb0dfd94ba238024cf8d448165da24e5be5 For Windows XP / Vista: The download file is named: "iTunesSetup.exe" Its SHA-1 digest is: 16f5b1e787b36aece842ea5ae80bfc6bf2b32b19 For Windows Vista 64 Bit: The download file is named: "iTunes64Setup.exe" Its SHA-1 digest is: b8739f847f2b66835f4f4b542b3308de96d418ed Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: 9.7.2.1608 wsBVAwUBSiQadXkodeiKZIkBAQj1rgf/R8+ZzEVsTXhj8vVCClxSanI3bqqKEQOo xzkSPQTafOpnDjVywb+5o29TJfDisbzAoYU8RzdlSFBPx8mDdAKkhCiScGpR2/tQ uBEq9D3OXCD2+NVbSCoLzjh230Hgi2qoz7HIzA4UC9KRxBZfyqFayGOZVg84JPsT RKCfRHmF8twkY5xupTloOWfUa6DNH2hSbNxnQs4pSHxu+UQLRrwMUQaT6u5DD/ja e35TA5zH9vnmf9aCH+Jze8syLhOl35rnNXoOC560EmzsfUpbhF28tor+VXLXK6v3 FApOQ039KoNTyR80Ya21Dz4SeCTzfLZQsxP9RxLwabxQdQd5JU+u/g== =AqmT -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com