site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2010-07-19-1 iTunes 9.2.1 iTunes 9.2.1 is now available and addresses the following: iTunes CVE-ID: CVE-2010-1777 Available for: Mac OS X v10.4.11 or later, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow exists in the handling of "itpc:" URLs. Accessing a maliciously crafted "itpc:" URL may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Clint Ruoho of Laconic Security for reporting this issue. iTunes 9.2.1 may be obtained from: http://www.apple.com/itunes/download/ For Mac OS X: The download file is named: "iTunes9.2.1.dmg" Its SHA-1 digest is: adc7ca871aace3361575dd78e0f69bcbeca186c8 For Windows XP / Vista / Windows 7: The download file is named: "iTunesSetup.exe" Its SHA-1 digest is: fd86e82bc52dd5a22d922aedf2a6063c224ca48c For 64-bit Windows XP / Vista / Windows 7: The download file is named: "iTunes64Setup.exe" Its SHA-1 digest is: 461d9cb0053d74f8b8d1804be3d4c50176a6036d Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) iQEcBAEBAgAGBQJMSMjLAAoJEGnF2JsdZQeeOgwH/RA4GkqY34VXbnbEpA1BBJQd pEzH4B0gK0MckKuxxyp8vLXXdAxJAliivym/ZiRuD3Kh+3NRajCXd7JqDE9ubAyA DayXOqfmIxYYIZwYtg5xq+5S+hprg9zJehauvJuwQafQihH00V9EqsFBM5TLr7zY bZFDGHs+UpH4nDS/nCpjNNEnxIzllbjSPlDqhlKJTRn8K4AxKaa1Jy8Wz0/e89eD 77JNfoeeQFQG8sTwIFDCALTLFAYtPh7VL//G+3zffbpGt2u822RrGkt0eFPT0mkX jYgxzkD1u4LpVqTbL9lrbLa1DqqlaKckFN0kX6/pMIXabj0Hcy38AS5oarAqST8= =CIrZ -----END PGP SIGNATURE----- This email sent to site_archiver@lists.apple.com